Note to myself, and maybe useful for others too.
Since I request my kerberos tickets with proxyiable flag, all my JAAS / GSS (Kerberos) stuff is now working (almost) perfectly. I need to do extrat test in a web context, but it should be ok I think. Moreover, I need to understand good the interface used in doAs (a JAAS method). I hope have enough time to write few documentations about this all stuff.
Notes :
[libdefaults] default_realm = FIMASYS.FR forwardable = true proxiable = true default_tkt_enctypes = des-cbc-md5 default_tgs_enctypes = des-cbc-md5 [realms] FIMASYS.FR = { kdc = srvfms-5.fimasys.fr admin_server = srvfms-5.fimasys.fr }
Beware to enctypes, MIT default enctypes are not supported by the JVM