I see. So it looks like the MS tool is calling JAAS. Is it asking you to
prepare a JAAS login file like this?
client {
com.sun.security.auth.module.Krb5LoginModule required
...;
};
You can put a key-value pair ticketCache=ccache_file inside it where
ccache_file is the KRB5CCNAME env variable. This would assign the value
to ticketCacheName and your patch won't be needed.
In fact, whatever credentials you specified here will not be used by the
final GSS mech at all (since it's native). So maybe we can just trick
the MS tool that a login is there but do nothing. Please try this (jdk7
only)
client {
com.sun.security.auth.module.Krb5LoginModule required
principal=nobody@NOWHERE
useKeyTab=true
isInitiator=false;
};
If this work, you don't need to call kinit and save a ccache file somewhere.
-Weijun
On 10/22/2012 09:16 AM, chris...@zoulas.com wrote:
On Oct 22, 8:17am, weijun.w...@oracle.com (Weijun Wang) wrote:
-- Subject: Re: bug fix for native kerberos libraries
| You are still using JAAS? There is no need to call Krb5LoginModule or
| read credentials cache yourself if you are using native kerberos. Just
| call JGSS APIs directly.
|
| Thanks
| Weijun
I am not doing anything with kerberos/gssapi directly. I am just using
the Microsoft sql server java driver (*), and it is doing all the calls.
While it works fine with the java implementation, it does not work with
the native MIT libraries, and needs that fix.
Best,
christos
(*) http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=11774
