Re: Java sample for SSO using JAAS on XP SP2, did anybody get itto work?

Seema Malkani Mon, 04 Apr 2005 14:36:51 -0700

Although currently Java Kerberos does not support RC4-HMAC etype, this is not a problem with the encryption type.

JAAS Kerberos authentication does succeed when the user provides the login/password; this means user has enabled "DES" for this account. If the AD account settings have "use DES encryption" enabled, DES etype will be used; and the native TGT in the ticket cache would have a DES key.

We are looking into providing support for RC4-HMAC encryption type in Java Kerberos, in a future J2SE release.

Seema

Markus Moeller wrote:

Could it be a problem with the encryption types ? Windows default is rc4-hmac which isn't supported by Suns JAAS.

Markus

"vadim" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Hallo,

read this:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html

Regards, vadim tarassov

On Fri, 2005-04-01 at 17:05 -0600, Bajpai, Atul wrote:

Hi all,
I am using a JAAS sample to try SSO on windows. My problem is When I use
the Krb5LoginModule I am always prompted for a username and password. I
want my app to get the kerberos ticket for the currently logged in user
(which is me) without being prompted for username/password. To
understand the problem I set debug=true and following is the output I
get before I get prompted for username/pwd
===================================
Debug is  true storeKey false useTicketCache true useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is true principal is null tryFirstPass is false useFirstPass is false
storePass is false clearPass is false
Refreshing Kerberos configuration
Principal is null
null credentials from Ticket Cache
===========================
My question is
1) Does this mean that ticket cache cannot be found hence a ticket could
not be found or just that the ticket cache is empty?
2) How do I find out where my ticket cache is and what it has?
3) When prompted for username/pwd, if I supply either mine or a test
account username/pwd, my login succeeds and I get back a subject from
the logincontext where I can see a kerberos ticket as part of the
private credentials. What could be the reason for my sample app not
being able to get a kerberos ticket for the currently logged in user
without prompting for username/pwd?

Seems like some of you have dealt with JAAS on windows before so I'll
really appreciate any pointers I can get on this.

thanks

________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

--
vadim <[EMAIL PROTECTED]>

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Java sample for SSO using JAAS on XP SP2, did anybody get itto work?

Reply via email to