[jcifs] WWW-Authenticate: Negotiate + SPNEGO Token
Eric Glass
eric.glass at gmail.com
Fri Sep 29 01:04:51 GMT 2006
You should be able to; it's been a long time since I dug into this
stuff, but I believe you should be able to do the following:
1) set java.security.auth.login.config in the filter configuration (in
web.xml) to an alternate JAAS config location
2) set javax.security.auth.useSubjectCredsOnly to false in web.xml
3) in the JAAS config, specify useKeyTab = true and keyTab = the
keytab location.
More details on 3) are here:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
Eric
On 9/28/06, Adrian <neural at gmail.com> wrote:
> Thanks for the advice. That's exactly what I've done, plus that little
> touch to update the SmbFile reference.
>
> On the other hand, I can't understand why the (mapped) user and
> password is needed in the filter configuration. I've found this
> explanation, but can't get a clear image:
> http://lists.samba.org/archive/jcifs/2004-August/003918.html
>
> Is it possible to use a keytab instead?
>
> Adrian
>
>
> On 9/28/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> > On Thu, 28 Sep 2006 19:16:03 -0300
> > Adrian <neural at gmail.com> wrote:
> >
> > > OK, thank you for the quick reply. I've been coding a little since the post.
> > > I've noted that the jcifs-ext was using an old SmbFile interface, and
> > > partially repeated the spnego package that comes in jcifs-krb5-1.2.9.
> >
> > Yeah, I would take jcifs-krb5-1.2.9 and copy over anything missing
> > from jcifs-ext so that you have the latest of everything there is to
> > offer. In theory that should be all that is necessary to get the SPNEGO
> > filter working as I believe the interaction between Eric's code and the
> > stock JCIFS code is minimal.
> >
> > Mike
> >
> > --
> > Michael B Allen
> > PHP Active Directory SSO
> > http://www.ioplex.com/
> >
>
More information about the jcifs
mailing list