java HttpServer无法使用kerberos进行身份验证

Question

I am running java server process that creates a HttpServer() object.

The process is run with following args

-Dsun.security.krb5.debug=true
-Djava.security.krb5.conf="C:\Windows\krb5.ini"
-Djava.security.auth.login.config="D:\jaas.conf"
-Djavax.security.auth.useSubjectCredsOnly=false
-Dhttp.auth.preference="Kerberos"

jaas.conf contents are as follows.

com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required 
    useTicketCache=true
    storeKey=true  
    keyTab="D:\mykey.keytab"  
    doNotPrompt=true  
    useKeyTab=true 
    debug=true
    principal="fully_qualified_spn";
};

But the http server is not asking clients to authenticate using kerberos but just services the GET requests without any authentication.

My expectation is that having specified the http.auth.preference scheme to kerberos and having specified all the necessary config files, it should ask clients to authenticate.

I am also not seeing any additional logs after enabling the -Dsun.security.krb5.debug=true

Answer 1

What HTTP server? Your server requires some SPNEGO authenticator like this configured. Otherwise it won't prompt at all.