How to communicate with two different KDC servers from a single Java client program using Java GSS-API and Kerberos 5?


I am using Java GSS-API with Kerberos for secure authentication. I implemented sample Server and sample Client programs, and the Client is able to successfully authenticate and get the service from the Server. For these sample programs I passed the KDC address through a Java system property (java.security.krb5.kdc). Now the problem is that I want to connect to two different KDC servers from a single Client program to access multiple services. Through the system property we can pass only one KDC server address. How can I connect to multiple KDC servers from a single Client program?

Bhushan Karmarkar On BEST ANSWER

You can specify multiple domain entries and the corresponding KDCs using the krb5 config file.

[libdefaults]
default_realm = A1.LOCAL
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc

[realms]
A1.LOCAL = {
   kdc = ADA1.A1.LOCAL
}

B1.LOCAL = {
   kdc = ADB1.B1.LOCAL
}

[domain_realm]
a1.local = A1.LOCAL
.a1.local = A1.LOCAL
b1.local = B1.LOCAL
.b1.local = B1.LOCAL

Instead of setting each property separately, provide this file as the configuration for your program. This can be done using System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
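
How a client could use this file to reach a service in each realm, as an added example that is not part of the original answer. It assumes a separate account and keytab in each realm (no cross-realm trust) and reachable KDCs; the principal names, keytab paths and service hostnames are hypothetical.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.*;

public class TwoRealmClient {
    // Log in as `user` from `keytab`, then build the first GSS token for `service`.
    static byte[] firstToken(String user, String keytab, String service) throws Exception {
        Map<String, String> opts = Map.of("principal", user, "useKeyTab", "true",
                "keyTab", keytab, "doNotPrompt", "true");
        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        // The realm in `user` selects the KDC from the [realms] section.
        LoginContext login = new LoginContext("client", null, null, jaas);
        login.login();
        try {
            return Subject.doAs(login.getSubject(), (PrivilegedExceptionAction<byte[]>) () -> {
                GSSManager gss = GSSManager.getInstance();
                // The service host is mapped to its realm through [domain_realm].
                GSSName target = gss.createName(service, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext ctx = gss.createContext(target, new Oid("1.2.840.113554.1.2.2"),
                        null, GSSContext.DEFAULT_LIFETIME);
                ctx.requestMutualAuth(true);
                return ctx.initSecContext(new byte[0], 0, 0);
            });
        } finally {
            login.logout();
        }
    }

    public static void main(String[] args) throws Exception {
        // The single-KDC properties take precedence over the file's default realm; drop them.
        System.clearProperty("java.security.krb5.kdc");
        System.clearProperty("java.security.krb5.realm");
        System.setProperty("java.security.krb5.conf", args[0]);
        // Hypothetical principals, keytabs and service hosts, one set per realm.
        byte[] a = firstToken("client@A1.LOCAL", "a1.keytab", "HTTP@web.a1.local");
        byte[] b = firstToken("client@B1.LOCAL", "b1.keytab", "HTTP@web.b1.local");
        System.out.println("A1 token: " + a.length + " bytes, B1 token: " + b.length + " bytes");
    }
}
```

Run it with the path to the krb5 config file as the first argument; each returned token is what the client would send to the corresponding service to start the GSS handshake.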