JAAS

05-02-2008

I have been trying to implement authentification of AD users with kerberos
im my web app.
I have setup my realm, kdc, krb5.conf and all the necessary JAAS option as
follows:
credsType: initiator
debug:true
useDefaultCcache: true
And run the piece of code listed below, but i get authenticated with the
user on the local machine. I relized that i get authenticated with the user
for which i
make the tickiet with kinit. what i cannot find answers for is
1. For the HTTP authentification, do I have to do some kind of Negotiation
through the response (eg. rsp.setHeader("WWW-Authenticate", "Negotiate")) or
dose this JAAS do for me?
2. Is the user which now gets authenticated (the local), the user nedeed to
talk to my DC and authenticate the remote user over HTTP (also read that i
have to
make a keytab file, and map a Kerberos service principal name)
I have tried many thing's on the web but havent found where the nagotiation
between my servlet and remote user takes place (allso setup my IE security)

:
LoginContext context = null;
try {

context = new LoginContext("searchkrb5");

context.login();

}
catch (LoginException e) {
System.err.println("Login failed");
System.out.println(e.getLocalizedMessage());
e.printStackTrace();

}
Subject subject = context.getSubject();
System.out.println(subject.toString());
Subject.doAs( subject, new TestJob());

05-03-2008

solved
"polilop" <> wrote in message
news:fvfms4$ono$...
>I have been trying to implement authentification of AD users with kerberos
>im my web app.
> I have setup my realm, kdc, krb5.conf and all the necessary JAAS option
> as follows:
> credsType: initiator
> debug:true
> useDefaultCcache: true
> And run the piece of code listed below, but i get authenticated with the
> user on the local machine. I relized that i get authenticated with the
> user for which i
> make the tickiet with kinit. what i cannot find answers for is
> 1. For the HTTP authentification, do I have to do some kind of Negotiation
> through the response (eg. rsp.setHeader("WWW-Authenticate", "Negotiate"))
> or
> dose this JAAS do for me?
> 2. Is the user which now gets authenticated (the local), the user nedeed
> to talk to my DC and authenticate the remote user over HTTP (also read
> that i have to
> make a keytab file, and map a Kerberos service principal name)
> I have tried many thing's on the web but havent found where the
> nagotiation between my servlet and remote user takes place (allso setup my
> IE security)
>
> :
> LoginContext context = null;
> try {
>
> context = new LoginContext("searchkrb5");
>
> context.login();
>
> }
> catch (LoginException e) {
> System.err.println("Login failed");
> System.out.println(e.getLocalizedMessage());
> e.printStackTrace();
>
> }
> Subject subject = context.getSubject();
> System.out.println(subject.toString());
> Subject.doAs( subject, new TestJob());
>
>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
JAAS: Cisco TACACS+ LoginModule	blinky	Cisco	0	03-03-2005 03:41 AM
JAAS and user specific access to external system functionality	davout	Java	0	10-25-2003 07:33 AM
Newbie question on JAAS and LDAP	davout	Java	0	10-24-2003 05:24 PM
JAAS question...	Joel Beach	Java	1	09-19-2003 02:57 AM
JAAS config file	Marius Hintermann	Java	1	07-23-2003 03:11 PM