Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
I understand that to implement Kerberos authentication in JNDI, the code below should be used instead.
System.setProperty("javax.net.ssl.trustStore", keystore); env.setProperty(Context.SECURITY_AUTHENTICATION, "Simple"); env.setProperty(Context.SECURITY_PROTOCOL, "ssl"); env.setProperty(Context.SECURITY_PRINCIPAL, principal); env.setProperty(Context.SECURITY_CREDENTIALS, credentials); env.setProperty(Context.PROVIDER_URL, providerUrl); InitialLdapContext ctx = new InitialLdapContext(env, null); // Call change password function using ctx
I have also successfully implemented Kerberos authentication without WAS (no web services) by using the kinit command on the client to retrieve the cache and then running the modified code on the console. This can't be the right way to proceed as I cannot expect the client to open the command prompt to key kinit every time he uses the system.
I have executed the above code and managed to get a successfully authentication. The krb5.conf, keytab and keystore are stored locally on the client for this testing purpose. I understand that these are supposed to be configured within WAS.
LoginContext lc = new LoginContext("krb5.conf"); lc.login();
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
Join the community of 500,000 technology professionals and ask your questions.