Hi All Currently we have this check inside Krb5LoginModule:
private void validateConfiguration() throws LoginException { if (doNotPrompt && !useTicketCache && !useKeyTab) throw new LoginException ("Configuration Error" + " - either doNotPrompt should be " + " false or useTicketCache/useKeyTab " + " should be true"); ..... However, if the user has also provided tryFirstPass=true or useFirstPass=true, it's possible to get the password from a shared state. The restriction in the check is not necessary then. It can be changed to: if (doNotPrompt && !useTicketCache && !useKeyTab && !tryFirstPass && !useTicketPass) throw new LoginException ("Configuration Error" + " - either doNotPrompt should be " + " false or at least one of useTicketCache, " + " useKeyTab, tryFirstPass and useTicketPass" + " should be true"); I'll file a bug and fix it if you find it OK. Thanks Max