JAAS

Discussion in 'Java' started by polilop, May 2, 2008.

  1. polilop

    polilop Guest

    I have been trying to implement authentification of AD users with kerberos
    im my web app.
    I have setup my realm, kdc, krb5.conf and all the necessary JAAS option as
    follows:
    credsType: initiator
    debug:true
    useDefaultCcache: true
    And run the piece of code listed below, but i get authenticated with the
    user on the local machine. I relized that i get authenticated with the user
    for which i
    make the tickiet with kinit. what i cannot find answers for is
    1. For the HTTP authentification, do I have to do some kind of Negotiation
    through the response (eg. rsp.setHeader("WWW-Authenticate", "Negotiate")) or
    dose this JAAS do for me?
    2. Is the user which now gets authenticated (the local), the user nedeed to
    talk to my DC and authenticate the remote user over HTTP (also read that i
    have to
    make a keytab file, and map a Kerberos service principal name)
    I have tried many thing's on the web but havent found where the nagotiation
    between my servlet and remote user takes place (allso setup my IE security)

    :
    LoginContext context = null;
    try {

    context = new LoginContext("searchkrb5");

    context.login();

    }
    catch (LoginException e) {
    System.err.println("Login failed");
    System.out.println(e.getLocalizedMessage());
    e.printStackTrace();

    }
    Subject subject = context.getSubject();
    System.out.println(subject.toString());
    Subject.doAs( subject, new TestJob());
     
    polilop, May 2, 2008
    #1
    1. Advertising

  2. polilop

    polilop Guest

    solved
    "polilop" <> wrote in message
    news:fvfms4$ono$-com.hr...
    >I have been trying to implement authentification of AD users with kerberos
    >im my web app.
    > I have setup my realm, kdc, krb5.conf and all the necessary JAAS option
    > as follows:
    > credsType: initiator
    > debug:true
    > useDefaultCcache: true
    > And run the piece of code listed below, but i get authenticated with the
    > user on the local machine. I relized that i get authenticated with the
    > user for which i
    > make the tickiet with kinit. what i cannot find answers for is
    > 1. For the HTTP authentification, do I have to do some kind of Negotiation
    > through the response (eg. rsp.setHeader("WWW-Authenticate", "Negotiate"))
    > or
    > dose this JAAS do for me?
    > 2. Is the user which now gets authenticated (the local), the user nedeed
    > to talk to my DC and authenticate the remote user over HTTP (also read
    > that i have to
    > make a keytab file, and map a Kerberos service principal name)
    > I have tried many thing's on the web but havent found where the
    > nagotiation between my servlet and remote user takes place (allso setup my
    > IE security)
    >
    > :
    > LoginContext context = null;
    > try {
    >
    > context = new LoginContext("searchkrb5");
    >
    > context.login();
    >
    > }
    > catch (LoginException e) {
    > System.err.println("Login failed");
    > System.out.println(e.getLocalizedMessage());
    > e.printStackTrace();
    >
    > }
    > Subject subject = context.getSubject();
    > System.out.println(subject.toString());
    > Subject.doAs( subject, new TestJob());
    >
    >
     
    polilop, May 3, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marius Hintermann

    JAAS config file

    Marius Hintermann, Jul 3, 2003, in forum: Java
    Replies:
    1
    Views:
    5,094
    Ian DaBodewijk
    Jul 23, 2003
  2. Joel Beach

    JAAS question...

    Joel Beach, Sep 18, 2003, in forum: Java
    Replies:
    1
    Views:
    428
    Michiel Konstapel
    Sep 19, 2003
  3. davout
    Replies:
    0
    Views:
    396
    davout
    Oct 24, 2003
  4. davout
    Replies:
    0
    Views:
    405
    davout
    Oct 25, 2003
  5. davout
    Replies:
    0
    Views:
    446
    davout
    Oct 28, 2003
Loading...

Share This Page