MIT Kerberos tool makes JAAS able to access the Wi

2019-06-04 18:30发布

Running a Java app using JAAS i got a surprising effect:
The Java client-application wasn't able to access windows LSA, until i installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi' ?

The JAAS conf file settings:

WEBSTART_CLIENT_CONTEXT {
   com.sun.security.auth.module.Krb5LoginModule required 
   useTicketCache=true
   renewTGT=true
   doNotPrompt=false   
   debug=true; 
}

Running Java 1.8 on Windows 7
I got the logging using -Dsun.security.krb5.debug=true

left without MIT tool installed, fails
right with the MIT tool installed, succeeds
JAAS/krb comparison between with/without MIT tool

I tried setting the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters Value Name: allowtgtsessionkey to 0 and 1, but that didn't change anything while MIT tool was uninstalled.

Can someone tell me if it is possible to access the LSA without installing the MIT tool? Or point me to information how JAAS is interacting with windows LSA?

0条回答
登录 后发表回答