I have a JBoss webservice app that's configured for GSS-API (Kerberos) authentication of context tokens received from clients. It gets the GSS-API output token in a soap message and calls acceptSecContext(). GSS-API is configured wtih a Krb5LoginModule and a local keyTab file (exported from AD). All of this works great.
What doesn't work great is running this JBoss app as an actual Windows Service - the creation of the server's GSSCredentials fails with "No valid credentials provided", which I think typically means the keyTab file isn't found or can't be accessed. I've tried every type of user for the Widnows Service (LocalSystem, a local Admin user account w/password, etc.) and verified read perms on the keyTab file. I'm beginning to suspect it's just a problem with having the JVM wrapped in a native service process. (I'm using the Tanuki Java Service Wrapper). I know this is a fairly specific configuration but I'm hoping someone may have some experience to offer - have you been able to get a GSS- API-enabled Java server application running as a Windows Service with a local KeyTab file? If you have gotten this to work, did you ever see the above symptom & is there a likely cause? Or if not, could it be that this simply won't work - is there something about the Java GSS- API implementation that conflicts with running in a wrapping service process? TIA, Chris ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos