I'm not authoritative, but AFAIK there is no smart card support in Java, though there is pkcs11 support.
If I had to do it, I would do the smart card/PKINIT stuff outside Java, and then let Java use the acquired tgt. On Jun 25, 2013, at 5:52 AM, Ostap Andrusiv <pifos...@gmail.com> wrote: > Hi everyone, > > I've been playing with smart cards and faced some issues. > Long story short: > > Prerequisites: > > • I set up a basic Kerberos realm via Windows Active Directory. > • I managed to successfully login into service via login/password pair > using Java Kerberos(Krb5LoginModule), which is provided via JAAS. > Now I try to implement Kerberos login via smart card. Smart card > preauthentication in Kerberos is done via AS-REQ/AS-REP messages > (PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the > smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions in > openjdk sources. Maybe, I missed something. > > Question: > > 1. Does Java Kerberos support smart card preauthentication out of the box? > > 2. If it doesn't, can I somehow extends existing Kerberos module or should I > implement whole Kerberos from the ground up? > > > > Thanks in advance, > Ostap Andrusiv > > > web: http://andrusiv.com > skype: ostap.andrusiv > ::p!F