Java and Kerberos authentication krb5.conf versus System.setProperty


Your krb5.conf is wrong. It's [libdefaults], not [libdefault].

Author: Keshav


Updated on September 17, 2020

Comments

  • Keshav
    Keshav over 3 years

    Please help me with a Kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following Java code works fine without any problems and prints true:

    public class KerberosAuthenticator {
        public static void main(String[] args) {
            String jaasConfigFilePath = "/myDir/jaas.conf";
    
            System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
    
            System.setProperty("java.security.krb5.realm", "ENG.TEST.COM");
            System.setProperty("java.security.krb5.kdc","winsvr2003r2.eng.test.com");
    
            boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
    
            System.out.println(success);
        }
    }
    

    But when I specify the path to the krb5.conf file instead of manually specifying the realm and kdc, it errors out saying "Null realm name (601) - default realm not specified". Following is the code:

    public class KerberosAuthenticator {
        public static void main(String[] args) {
            String jaasConfigFilePath = "/myDir/jaas.conf";
    
            System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
    
            String krb5ConfigFilePath = "/etc/krb5/krb5.conf";
            System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
    
            boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
    
            System.out.println(success);
        }
    }
    

    The contents of krb5.conf are as follows:

    [libdefault]
     default_realm = ENG.TEST.COM
    
    [realms]
     ENG.TEST.COM = {
      kdc = winsvr2003r2.eng.test.com
      kpasswd_server = winsvr2003r2.eng.test.com
      admin_server = winsvr2003r2.eng.test.com
      kpasswd_protocol = SET_CHANGE
     }
    
    [domain_realm]
     .eng.test.com = ENG.TEST.COM
     eng.test.com = ENG.TEST.COM
    [logging]
     default = FILE:/var/krb5/kdc.log
     kdc = FILE:/var/krb5/kdc.log
     kdc_rotate = {
      period = 1d
      versions = 10
     }
    
    [appdefaults]
     kinit = {
     renewable = true
     forwardable = true
     }
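
A pre-flight check for the header typo identified in the answer, added here as an example and not code from the original post: it reports section headers outside a known list and a missing `default_realm` under `[libdefaults]`, so the mistake surfaces before the login attempt fails with "Null realm name (601)". The class name `Krb5ConfCheck`, the `KNOWN` allow-list and the embedded sample are assumptions made for illustration; it needs Java 9 or later.

```java
import java.util.*;

public class Krb5ConfCheck {
    // Assumed allow-list: section names documented for MIT krb5.conf and kdc.conf.
    static final Set<String> KNOWN = Set.of("libdefaults", "realms", "domain_realm",
            "capaths", "appdefaults", "plugins", "logging", "kdcdefaults", "dbdefaults", "dbmodules");

    /** Returns human-readable findings; an empty list means both checks passed. */
    static List<String> check(List<String> lines) {
        List<String> findings = new ArrayList<>();
        String section = null;
        int depth = 0;                 // nesting level of { } sub-blocks
        boolean defaultRealm = false;
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i).trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) continue;
            if (line.startsWith("[") && line.endsWith("]")) {
                section = line.substring(1, line.length() - 1).trim();
                depth = 0;
                if (!KNOWN.contains(section))
                    findings.add("line " + (i + 1) + ": unknown section [" + section + "]");
                continue;
            }
            if (line.endsWith("{")) { depth++; continue; }
            if (line.startsWith("}")) { depth = Math.max(0, depth - 1); continue; }
            int eq = line.indexOf('=');
            // Only a top-level, non-empty default_realm inside [libdefaults] counts.
            if (eq > 0 && depth == 0 && "libdefaults".equals(section)
                    && line.substring(0, eq).trim().equals("default_realm")
                    && !line.substring(eq + 1).trim().isEmpty()) defaultRealm = true;
        }
        if (!defaultRealm) findings.add("no default_realm under [libdefaults]");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample reproducing the header typo from the question.
        List<String> sample = List.of("[libdefault]", " default_realm = ENG.TEST.COM", "",
                "[realms]", " ENG.TEST.COM = {", "  kdc = winsvr2003r2.eng.test.com", " }");
        List<String> input = args.length > 0
                ? java.nio.file.Files.readAllLines(java.nio.file.Paths.get(args[0])) : sample;
        check(input).forEach(System.out::println);
    }
}
```

Run it with the path to a krb5.conf as the first argument to check a real file; with no argument it checks the embedded sample.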