I'm trying to configure Tomcat 6 on Windows Server 2008 to recognise multiple Kerberos tickets but am not having much luck. I've got a single keytab containing multiple SPNs but seem to only be able to specify a single principal name in the spnego config.
The reason for multiple SPNs is so I can authenticate connections both directly to the server and through a load balancer alias.
Has anyone tried this before and have any pointers?
login.conf:
    spnego-server {
        com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        useKeyTab=true
        keyTab="mykeytab.keytab"
        principal=HTTP/[email protected];
    };
From Java 7, as far as I know, you can use a wildcard principal:
    principal="*"
From: http://www.grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8-b132/com/sun/security/auth/module/Krb5LoginModule.java#Krb5LoginModule
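
The wildcard setting from the answer, placed in the question's login.conf entry (an added example, not part of the original posts). It assumes a JDK whose Krb5LoginModule accepts principal="*" and adds isInitiator=false, which that module requires for the wildcard; the entry name and keytab name are the ones from the question.

```conf
// Added example: acceptor-only JAAS entry that is not bound to a single SPN.
spnego-server {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true
    useKeyTab=true
    keyTab="mykeytab.keytab"
    // The module rejects principal="*" when isInitiator is true,
    // so the entry is marked as acceptor-only.
    isInitiator=false
    // Unbound acceptor: use whichever keytab entry matches the
    // service name in the incoming ticket.
    principal="*";
};
```

With this entry the service accepts tickets for every SPN stored in the keytab, so the keytab should hold only the SPNs this Tomcat instance is meant to answer for (here the direct host name and the load balancer alias).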