
asyd.net

Welcome to the homepage of Bruno Bonfils (aka asyd).

Note to myself, and maybe useful for others too.

Since I request my Kerberos tickets with the proxiable flag, all my JAAS / GSS (Kerberos) stuff is now working (almost) perfectly. I need to do extra tests in a web context, but it should be OK, I think. Moreover, I need to better understand the interface used in doAs (a JAAS method). I hope to have enough time to write some documentation about all this stuff.

Notes:

  • JRE's kinit doesn't fully honor the directives of /etc/krb5.conf (example: proxiable = true)
  • Obtain a ticket (JRE): kinit -f -p <principal>
  • Obtain a ticket (MIT): kinit <principal> with the following config:
[libdefaults]
   default_realm = FIMASYS.FR
   forwardable = true
   proxiable = true
   default_tkt_enctypes = des-cbc-md5
   default_tgs_enctypes = des-cbc-md5

[realms]
FIMASYS.FR = {
   kdc = srvfms-5.fimasys.fr
   admin_server = srvfms-5.fimasys.fr
}

Beware of enctypes: MIT's default enctypes are not supported by the JVM.