I have a Java API that talks to the Kerberos server and performs various operations. As of now, my API requests non-renewable tickets from the Kerberos server. From what I understand, the JAAS config file has an option to set the renewTGT option to true so that a renewable ticket can be issued. However, JAAS seems to have a lot of restrictions on setting the "renewUntil" time. Can anyone please tell me how we can request a renewable ticket and also control its renewability? Basically, is there a way we can perform a Java equivalent of the operation `kinit -R`? Thanks in advance.
Jaas - Requesting Renewable Kerberos Tickets
2.3k views Asked by user2690793 At
As of JDK7 (1.7.0_55), JAAS `Krb5LoginModule` does not provide any option to request a renewable TGT when authenticating, so this is not currently possible using JAAS. You might be able to achieve this, but you would need to use the internal Kerberos classes directly, bypassing JAAS.

Internally, `Krb5LoginModule` instantiates a `sun.security.krb5.KrbAsReqBuilder` to obtain credentials using either a provided password, or a keyTab. `KrbAsReqBuilder` has a `setOptions(KDCOptions options)` method, but this is not called in the login module. If it could be accessed, you could call `KDCOptions#set(KDCOptions.RENEWABLE, true)`, and I would then expect the returned ticket to be renewable, if the KDC is configured to allow renewable tickets.
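
For the `kinit -R` half of the question, the public `javax.security.auth.kerberos.KerberosTicket` API can inspect and renew a ticket without touching the internal classes. The following is an added example, not code from the answer above; it assumes a renewable TGT is already in the default ticket cache (obtained outside Java, for example with `kinit -r`), that the KDC is reachable through the usual `krb5.conf`, and the class name `RenewTgt` is arbitrary.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.*;

public class RenewTgt {
    // In-memory equivalent of a JAAS file entry that reads the existing ticket cache.
    static Configuration cacheOnlyConfig() {
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "true");
        opts.put("doNotPrompt", "true"); // fail rather than ask for a password
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // The TGT is the ticket whose server principal is krbtgt/REALM@REALM.
    static KerberosTicket findTgt(Subject subject) {
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (t.getServer().getName().startsWith("krbtgt/")) return t;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // "RenewTgt" is an arbitrary entry name; cacheOnlyConfig() ignores it.
        LoginContext lc = new LoginContext("RenewTgt", null, null, cacheOnlyConfig());
        lc.login();
        KerberosTicket tgt = findTgt(lc.getSubject());
        if (tgt == null) throw new IllegalStateException("no TGT in the ticket cache");
        System.out.println("renewable=" + tgt.isRenewable()
                + " endTime=" + tgt.getEndTime() + " renewTill=" + tgt.getRenewTill());
        try {
            tgt.refresh(); // asks the KDC to renew; fails if the ticket is not renewable
            System.out.println("renewed, new endTime=" + tgt.getEndTime());
        } catch (RefreshFailedException e) {
            System.out.println("renewal failed: " + e.getMessage());
        }
    }
}
```

`refresh()` updates the `KerberosTicket` object held in the `Subject`, and the KDC will not extend a ticket past its `renewTill` time, so a long-running service still needs a fresh login before that point.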