[37539] in Kerberos
Re: kinit from java
daemon@ATHENA.MIT.EDU (Todd Grayson)
Thu Jun 23 10:17:45 2016
MIME-Version: 1.0
In-Reply-To: <20160623090948.GA6074@maia.oucs.ox.ac.uk>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Thu, 23 Jun 2016 08:17:11 -0600
Message-ID: <CALNT6MUKkFUWY6A5C8RekCRitWxyuvznooS3nM9fnPe7y36LCQ@mail.gmail.com>
To: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
Cc: "kerberos@MIT.EDU" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
This discusses how its implemented from the java application perspective,
through the JAAS/JGSS layers.
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html
On Thu, Jun 23, 2016 at 3:09 AM, Dameon Wagner <dameon.wagner@it.ox.ac.uk>
wrote:
> On Wed, Jun 22 2016 at 06:37:31 +0000, Ghosh, Parthapratim scribbled
> in "kinit from java":
> > Hi Kerberos team,
> >
> > I have the following question -
> >
> > How can one simulate kinit call with userid and password from java.
> > I have a java process running and want to kinit from that process.
>
> That can depend on the reason why you want to kinit.
>
> If you're looking to have Kerberos credentials available for the java
> process so that it can authenticate it self to other services, then
> you may find it better to run the java process from k5start. As I'm
> lazy I won't try to explain how it all works here, but will rather
> just quote the first paragraph of the manpage:
>
> #---8<-----------------------------------------------------------------
> k5start obtains and caches an initial Kerberos ticket-granting ticket
> for a principal. k5start can be used as an alternative to kinit, but
> it is primarily intended to be used by programs that want to use a
> keytab to obtain Kerberos credentials, such as a web server that needs
> to authenticate to another service such as an LDAP server.
> #---8<-----------------------------------------------------------------
>
> If that sounds like the sort of solution you're after, I can highly
> recommend k5start (and krenew from the same package).
>
> Cheers.
>
> Dameon.
>
> --
> ><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
> Dr. Dameon Wagner, Systems Development and Support
> IT Services, University of Oxford
> ><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
