I am trying to create a Java program that will get my Windows user's credentials, then connect to the Kerberos on my Unix box and authenticate and allow me to use a service, for example an LDAP server.
All examples I have found tend to ask me for my password when run. I do not want this - I wish to be able to run the program and 'if by magic' I'm Kerberos authenticated.
Any links and examples are appreciated.
We have successfully set up SSO using Kerberos with a Java EE application and authenticating against a Windows Active Directory after many weeks of trials and web crawling.
JBOSS Negotiation and Spring Kerberos have both worked for us. However, both sets of documentation are not accurate enough to get you off the ground running. Put simply, for either solution...
ktpass problems:
ktpass /out c:\service.keytab /mapuser [email protected] /princ HTTP/[email protected] /pass /ptype KRB5_NT_PRINCIPAL
setspn -A HTTP/hostname.testdomain.server.com userservice
Finally, before every single test, use kinit purge to clear cached tickets.
Also, duplicate SPNs will break things badly! setspn -X in Windows Server 2008 will detect this (or Google for a script). If in doubt when doing this, start afresh with a new service user and principal name every time!
Hope this helps someone avoid the pain I've had.