Java和Kerberos身份验证krb5.conf与System.setProperty [英] Java and Kerberos authentication krb5.conf versus System.setProperty
问题描述
请帮我解决kerberos + Java问题。我有一个简单的Java程序,可以使用Kerberos对Windows Active Directory进行身份验证。以下java代码工作正常,没有任何问题,并打印为true -
Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and prints true-
public class KerberosAuthenticator {
public static void main(String[] args) {
String jaasConfigFilePath = "/myDir/jaas.conf";
System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
System.setProperty("java.security.krb5.realm", "ENG.TEST.COM");
System.setProperty("java.security.krb5.kdc","winsvr2003r2.eng.test.com");
boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
System.out.println(success);
}
}
当我指定krb5.conf的路径时Bue文件而不是手动指定领域和kdc,它错误地说Null领域名称(601) - 未指定默认领域。以下是代码 -
Bue when I specify the path to the krb5.conf file instead of manually specifying the realm and kdc, it errors out saying "Null realm name (601) - default realm not specified". Following is the code-
public class KerberosAuthenticator {
public static void main(String[] args) {
String jaasConfigFilePath = "/myDir/jaas.conf";
System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
String krb5ConfigFilePath = "/etc/krb5/krb5.conf";
System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
System.out.println(success);
}
}
krb5.conf的内容如下 -
The contents of krb5.conf is as follows-
[libdefault]
default_realm = ENG.TEST.COM
[realms]
ENG.TEST.COM = {
kdc = winsvr2003r2.eng.test.com
kpasswd_server = winsvr2003r2.eng.test.com
admin_server = winsvr2003r2.eng.test.com
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.eng.test.com = ENG.TEST.COM
eng.test.com = ENG.TEST.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
period = 1d
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable = true
}
推荐答案
你的krb5.conf错了。它是 [libdefaults] ,而不是[libdefault]。
Your krb5.conf is wrong. It's [libdefaults], not [libdefault].
这篇关于Java和Kerberos身份验证krb5.conf与System.setProperty的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!