I am using JAAS to get Kerberos credentials. My config file looks like this:
    SignedOnUserLoginContext
    {
        com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true doNotPrompt=true;
    };
The code to get Kerberos credentials:
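    import java.util.Set;
    import javax.security.auth.Subject;
    import javax.security.auth.kerberos.KerberosTicket;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    try {
        // Log in with the "SignedOnUserLoginContext" entry from the JAAS config
        LoginContext lc = new LoginContext("SignedOnUserLoginContext");
        lc.login();
        Subject signedOnUserSubject = lc.getSubject();
        Set<Object> privateCred = signedOnUserSubject.getPrivateCredentials();
        for (Object privates : privateCred) {
            if (privates instanceof KerberosTicket) {
                KerberosTicket ticket = (KerberosTicket) privates;
                return ticket.getEncoded();
            }
        }
    } catch (LoginException e) {
        // login() failed, e.g. no usable ticket in the cache
        throw new IllegalStateException(e);
    }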
When I transfer the ticket to other machines and use JAAS to log in using Kerberos, it doesn't get authenticated. My config file on the receiving side:
    KrbLogin{
        com.sun.security.auth.module.Krb5LoginModule required
        principal=principal@realm
        useTicketCache="FILE:///where i store the ticket"
    };
I suspect I cannot just get the ticket like that, but need to get the whole set of private credentials returned by getPrivateCredentials(). Also, by using doNotPrompt=true and useTicketCache=true, I am trying to get it from the Windows cache.
I read in some Java security book that private credentials can include other data such as private keys, encryption keys, passwords, etc.
Hence, I would need to get the return value of getPrivateCredentials(). How can I get what is returned by getPrivateCredentials() into an actual Kerberos credential file? I read that in order to access this data, I would need to use the PrivateCredentialPermission module. Is there an example to show how to do this?
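
As an added example (not part of the original post), the Java program below shows what a KerberosTicket held in a Subject's private credentials carries: getEncoded() yields only the ASN.1 ticket bytes, while the session key is a separate field of the same object. The ticket is built from constructed placeholder values (the EXAMPLE.COM realm, dummy ticket bytes, an all-zero key), so it runs without a KDC.

```java
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TicketContents {
    /** Summarises a ticket without printing the secret session key itself. */
    static String describe(KerberosTicket t) {
        return "client=" + t.getClient()
             + " server=" + t.getServer()
             + " encodedLen=" + t.getEncoded().length
             + " sessionKeyType=" + t.getSessionKeyType()
             + " sessionKeyLen=" + t.getSessionKey().getEncoded().length
             + " endTime=" + t.getEndTime();
    }

    public static void main(String[] args) {
        // Constructed sample values; a real ticket would come from lc.getSubject().
        byte[] asn1 = {0x61, 0x03, 0x02, 0x01, 0x05}; // placeholder bytes, not a valid ticket
        byte[] key = new byte[32];                     // all-zero stand-in session key
        Date now = new Date();
        KerberosTicket ticket = new KerberosTicket(
            asn1,
            new KerberosPrincipal("user@EXAMPLE.COM"),
            new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"),
            key, 18 /* aes256-cts-hmac-sha1-96 */,
            new boolean[32],                           // no flags set
            now, now,
            new Date(now.getTime() + 36_000_000L),     // ends in 10 hours
            null, null);                               // not renewable, no address restriction

        Subject subject = new Subject();
        subject.getPrivateCredentials().add(ticket);

        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            System.out.println(describe(t));
            // getEncoded() returns only the ASN.1 ticket bytes passed in above;
            // the session key is a separate field and is not contained in them.
            System.out.println("encoded equals ticket bytes only: "
                + Arrays.equals(t.getEncoded(), asn1));
        }
    }
}
```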