I understand that to implement Kerberos authentication in JNDI, the code below should be used instead.
System.setProperty("javax.net.ssl.trustStore", keystore);
env.setProperty(Context.SECURITY_AUTHENTICATION, "Simple");
env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
env.setProperty(Context.SECURITY_PRINCIPAL, principal);
env.setProperty(Context.SECURITY_CREDENTIALS, credentials);
env.setProperty(Context.PROVIDER_URL, providerUrl);
InitialLdapContext ctx = new InitialLdapContext(env, null);
// Call change password function using ctx
I have also successfully implemented Kerberos authentication without WAS (no web services) by using the kinit command on the client to retrieve the cache and then running the modified code on the console. This can't be the right way to proceed, as I cannot expect the client to open the command prompt to key in kinit every time he uses the system.
I have executed the above code and managed to get a successful authentication. The krb5.conf, keytab and keystore are stored locally on the client for this testing purpose. I understand that these are supposed to be configured within WAS.
LoginContext lc = new LoginContext("krb5.conf");
lc.login();
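The manual kinit step described in the post can be replaced by a JAAS keytab login followed by a GSSAPI bind run inside Subject.doAs. This is an added example, not part of the original post. It assumes the Oracle/OpenJDK Krb5LoginModule (the IBM JDK shipped with WAS uses a different module class and option names), and the principal, keytab path, LDAP URL and class name are placeholders.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class KerberosLdapBind {
    // Assumed placeholder values; replace with the deployment's own.
    static final String PRINCIPAL = "svc-app@EXAMPLE.COM";
    static final String KEYTAB = "/path/to/svc-app.keytab";
    static final String LDAP_URL = "ldap://dc.example.com:389";

    // In-memory JAAS configuration: keytab login, never prompt for a password.
    static Configuration keytabConfig() {
        Map<String, String> opts = Map.of(
            "useKeyTab", "true", "keyTab", KEYTAB,
            "principal", PRINCIPAL, "doNotPrompt", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) throws Exception {
        // Obtain the TGT from the keytab; this replaces running kinit by hand.
        LoginContext lc = new LoginContext("KrbLdap", null, null, keytabConfig());
        lc.login();
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, LDAP_URL);
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
            // The bind must run as the logged-in Subject so GSSAPI finds the ticket.
            LdapContext ctx = Subject.doAs(lc.getSubject(),
                (PrivilegedExceptionAction<LdapContext>) () -> new InitialLdapContext(env, null));
            ctx.close();
        } finally {
            lc.logout(); // discard the Kerberos credentials held by the Subject
        }
    }
}
```

The keytab is equivalent to the account's password, so it should be readable only by the service account that runs this code.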