[jcifs] SSO problem

Michael B Allen mba2000 at ioplex.com
Tue Jan 11 02:01:55 GMT 2005

Tony Sze, CLSA said:
> We have successfully used jcifs-ext 0.9.4 in our J2EE application server
> for
> SSO with Kerberos (Windows 2000 Active Directory), but the caveat is, we
> didn't know how to use it with keytab so we ended up putting the password
> of
> the SPN in domain.xml in plain text.

It just uses the builtin Kerberos client libs that come with Java 1.4 so
see the Sun docs for specifics about how to get a renewable ticket from
the KDC. You probably still have to enter a password once in a while (at
reboot maybe).

> Also, we don't know how to configure
> a
> failover domain controller. Otherwise, it works.

That's specific to JCIFS. The jcifs-ext package actually doesn't use jCIFS
to talk to the DC. It only uses the NTLMSSP and Filter related code to
negotiate the credentials. I think any failover capability would have to
be builtin to the Kerberos client that comes with the JRE.


More information about the jcifs mailing list