Re: Bug in Kerberos JDK 1.4.2 / Windows XP ?

Fri, 18 Jun 2004 13:55:58 -0700 

Claude,

It appears that have configured your Windows domain to be all lower-case.
Kerberos realm names are case sensitive. By convention, all realm names are
uppercase. On Windows domains are also Kerberos realms, and realm name
is always the uppercase version of the domain name.

The LSA API called from the Java Kerberos library obtained the native ticket
for current domain. Hence if your domain is configured to be lower-case,
LSA API obtained the ticket with lower-case realm.

This issue has been fixed in J2SE 1.5.0 beta2 available at:
http://java.sun.com/j2se/1.5.0/download.jsp

Alternatively, you can reconfigure your Windows domain to be
all uppercase, and you'll get the Kerberos Ticket correctly.
Let me know if you have any further questions.

For any questions on Sun's implementation of Java GSS/Kerberos,
please communicate to us via [EMAIL PROTECTED] alias.

Seema

Rouiller Claude wrote:

The problem is that I get a ticket like "[EMAIL PROTECTED] to go to
krbtgt/[EMAIL PROTECTED]"
and I should get one like "[EMAIL PROTECTED] to go to
krbtgt/[EMAIL PROTECTED]".

And I don't know how to tell Windows that my ticket must refer to
krbtgt/[EMAIL PROTECTED] (instead of
krbtgt/[EMAIL PROTECTED]).

Thanks, Claude

-----Original Message-----
From: Jeffrey Altman [mailto:[EMAIL PROTECTED] Sent: Monday, June 07, 2004 4:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Bug in Kerberos JDK 1.4.2 / Windows XP ?


I believe that you are running into the problem of authenticating
as the name the user logged in with.  Remember that Windows tries to
be case insensitive whereas Kerberos is case sensitive.

You must log into Windows using the name

        [EMAIL PROTECTED]

instead of

        [EMAIL PROTECTED]

Jeffrey Altman

Rouiller Claude wrote:


Isn't there a problem with the case (upper case / down case) of the


service


principal names of the tickets placed in the JAAS subject?
Or maybe the problem is in Windows XP?

I've described the problem in



http://forum.java.sun.com/thread.jsp?forum=60&thread=528692&tstart=0&trange=


15



<http://forum.java.sun.com/thread.jsp?forum=60&thread=528692&tstart=0&trange


=15> .

Claude


________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos








________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to