[jcifs] SPNEGO how to?

Eric Glass eric.glass at gmail.com
Wed Aug 11 16:44:31 GMT 2004 

jcifs-ext uses JAAS to obtain credentials; by default it uses a login
handler which responds to requests for credentials by supplying
"jcifs.spnego.servicePrincipal" and "jcifs.spnego.servicePassword" (on
the acceptor side).  The kerberos login module uses these credentials
to obtain a ticket, which it stores in the subject.  The
useSubjectCredsOnly parameter indicates the Kerberos classes should
look in the subject for the ticket (which is the default behavior).

You can set the useSubjectCredsOnly parameter to false, but you would
need to have the underlying Kerberos infrastructure configured to use
a ticket cache or similar.  By default jcifs-ext will look for the
JAAS login configuration file in /WEB-INF/login.conf; you can define
the "com.sun.security.jgss.accept" entry in there (specifying
useTicketCache, etc.).


Eric


On Mon, 9 Aug 2004 18:40:05 +0800, Guofeng Zhang
<guofengzhang at visionnex.com> wrote:
> 
> Thank you very much. It works very fine.
> 
> I find that if I add the following code in that filter:
>   System.setProperty("javax.security.auth.useSubjectCredsOnly", "false") ;
> The Negotiate won't work.
> 
> Why?
> 
> Anthoter question:
>   Why have to define "jcifs.spnego.servicePassword" parameter?  Is it related to "useSubjectCredsOnly" property?
> 
> Thanks again.
> 
> 
> 
> 
> -----Original Message-----
> From: Eric Glass [mailto:eric.glass at gmail.com]
> Sent: Friday, August 06, 2004 4:42 PM
> To: Guofeng Zhang
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] SPNEGO how to?
> 
> See:
> 
> http://lists.samba.org/archive/jcifs/2004-June/003497.html
> 
> The documentation in jcifs-ext is somewhat lacking (read: virtually
> nonexistent).  I plan on addressing this next time I get around to
> working on it (hopefully sooner than later).
> 
> Eric
> 
> On Fri, 6 Aug 2004 11:52:39 +0800, Guofeng Zhang
> <guofengzhang at visionnex.com> wrote:
> >
> > I am trying AuthenticationFilter class in jcifs-ext-0.9.4.
> >
> > Can anyone tell me how to configure SPNEGO/Negotiate for AuthenticationFilter?
> >
> > Thank you very much.
> >
> >
>

More information about the jcifs mailing list