
How to generate a Kerberos token without user input

I'm trying to generate a Kerberos client token in Java, in order to send it in a header for a kerberized service.

For that I created a JAAS login conf, and a keytab for my user. I want to generate the token automatically without any user input. For now I managed to create a token, but I'm being prompted to enter the user's password, which is not what I want. When I set 'doNotPrompt' to 'true' (in the login.conf) I get an exception "unable to obtain password from user", even though I'm specifying a keytab file.

I found very few code samples on the web, though eventually I used them. But I didn't find an answer to what I'm trying to do. Does anyone know how to accomplish what I want?

My login.conf is:

com.sun.security.jgss.initiate {
    // doNotPrompt stops the fallback to a password prompt when the keytab cannot be used.
    // The option is spelled keyTab (a lowercase "keytab" is silently ignored), and backslashes
    // must be doubled inside JAAS config strings (or use forward slashes); otherwise the path
    // is mangled, the key is never found, and the module asks for a password.
    com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab="true"
        storeKey="true"
        doNotPrompt="true"
        principal="HTTP/MyComp@DOMAIN"
        keyTab="c:\\Users\\me\\Desktop\\abc.keytab";
};

And my java code is:

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// No LoginContext is created here, so this relies on the JVM being started with
// -Djava.security.auth.login.config=login.conf and
// -Djavax.security.auth.useSubjectCredsOnly=false, which makes the JGSS provider
// log in through the "com.sun.security.jgss.initiate" entry by itself.
String clientPrincipal = "HTTP/MyComp@DOMAIN";
String serverPrincipal = "HTTP/ServerComp@DOMAIN";
Oid oid = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID

try
{
    GSSManager manager = GSSManager.getInstance();
    GSSName gssUserName = manager.createName(clientPrincipal, GSSName.NT_USER_NAME, oid);
    GSSCredential clientGSSCreds = manager.createCredential(gssUserName.canonicalize(oid),
                        GSSCredential.INDEFINITE_LIFETIME,
                        oid,
                        GSSCredential.INITIATE_ONLY);

    GSSName gssServerName = manager.createName(serverPrincipal, GSSName.NT_USER_NAME);
    // The fourth argument of createContext is the requested context lifetime,
    // not a credential usage flag.
    GSSContext clientContext = manager.createContext(
                        gssServerName.canonicalize(oid),
                        oid,
                        clientGSSCreds,
                        GSSContext.DEFAULT_LIFETIME);

    clientContext.requestCredDeleg(true);
    // First round: pass an empty input token; the returned bytes are the
    // initial token (AP-REQ) to send to the service.
    byte[] token = clientContext.initSecContext(new byte[0], 0, 0);

}
catch (GSSException e){
    e.printStackTrace();
}

A keytab file can contain keys for different users, so you need to tell your login.conf the principal whose key you'll be using. This principal name is arbitrary: it only needs to match the name you provided when you created the keytab (although I recommend using the actual UPN of the user).
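The following is an added, self-contained example (not code from the question or the answer above) of the whole flow done programmatically: log in from a keytab with a JAAS configuration built in code (so there is no login.conf parsing and no backslash escaping to get wrong), with doNotPrompt set so that an unusable keytab fails immediately instead of asking for a password, and then build the "Negotiate" header value inside Subject.doAs. The principal names, the keytab path and the entry name "KeytabLogin" are placeholders to be replaced; it uses the SPNEGO mechanism OID, which is what HTTP services expect, rather than the raw Kerberos OID used in the question.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/**
 * Added example: obtain a SPNEGO/Kerberos initiator token from a keytab with no
 * interactive prompt. All names and paths below are assumptions (placeholders).
 */
public final class KeytabTokenExample {

    private static final String CLIENT_PRINCIPAL = "HTTP/MyComp@DOMAIN";       // placeholder
    private static final String SERVICE_PRINCIPAL = "HTTP/ServerComp@DOMAIN";  // placeholder
    private static final String KEYTAB_PATH = "C:/Users/me/Desktop/abc.keytab"; // placeholder; forward slashes are safe

    /** Programmatic equivalent of a login.conf entry for Krb5LoginModule. */
    static Configuration keytabConfig() {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("storeKey", "true");
        opts.put("doNotPrompt", "true");      // never fall back to a password prompt
        opts.put("principal", CLIENT_PRINCIPAL); // must match a principal present in the keytab
        opts.put("keyTab", KEYTAB_PATH);         // option name is case-sensitive: keyTab
        opts.put("isInitiator", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    /** Log in with the keytab and return the Subject that now holds the TGT. */
    static Subject loginWithKeytab() throws Exception {
        // No CallbackHandler is supplied: with doNotPrompt=true a missing or mismatched
        // keytab surfaces as a LoginException here rather than as a password prompt.
        LoginContext lc = new LoginContext("KeytabLogin", null, null, keytabConfig());
        lc.login();
        return lc.getSubject();
    }

    /** Build the initial SPNEGO token for the service and return the Authorization header value. */
    static String negotiateHeader(Subject subject) throws Exception {
        return Subject.doAs(subject, (PrivilegedExceptionAction<String>) () -> {
            Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
            GSSManager manager = GSSManager.getInstance();
            GSSName service = manager.createName(SERVICE_PRINCIPAL, GSSName.NT_USER_NAME);
            // null credential: use the TGT of the Subject we are running as
            GSSContext ctx = manager.createContext(service, spnego, null, GSSContext.DEFAULT_LIFETIME);
            ctx.requestMutualAuth(true);
            ctx.requestCredDeleg(false); // only delegate the TGT when the service really needs it
            try {
                byte[] token = ctx.initSecContext(new byte[0], 0, 0);
                return "Negotiate " + Base64.getEncoder().encodeToString(token);
            } finally {
                ctx.dispose();
            }
        });
    }

    public static void main(String[] args) throws Exception {
        Subject subject = loginWithKeytab();
        System.out.println("Logged in as: " + subject.getPrincipals()); // should list CLIENT_PRINCIPAL
        System.out.println(negotiateHeader(subject));
    }
}
```

Run it with a reachable KDC (krb5.conf or the java.security.krb5.realm/kdc properties) and a keytab containing the key for CLIENT_PRINCIPAL; if the principal in the configuration does not match an entry in the keytab, lc.login() fails with a LoginException and nothing is ever prompted, which is exactly the behaviour wanted for an unattended service.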
