my dog learned polymorphism*
The moose likes Security and the fly likes Testing Kerberos authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Testing Kerberos authentication" Watch "Testing Kerberos authentication" New topic
Author

Testing Kerberos authentication

Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hi,

I ran into a problem when testing my Kerberos login class. If I set an invalid Kerberos realm (or KDC) and try to authenticate, instead of failing as it should, it authenticates successfully. It seems that it's using the correct realm and KDC that was provided in previous tests. I can tell that this is the case because if I start out with the tests that have the invalid realm, then the authentication fails (as it should).

Is there some sort of persistent state that I'm unaware of? I'm using System.setProperty to set the Kerberos realm to an invalid one.

Thanks!
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
My thought is that Kerberos itself is falling back on the previous realm and KDC that it used... Does anyone know much about how Kerberos works and how to override this behavior?
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hmmm... Apparently there is a call in Krb5LoginModule that gives back the correct principal:

new PrincipalName("someString", PrincipalName.KRB_NT_PRINCIPAL);

But I cant find documentation on PrincipalName. Anyone know about this?
Ed Zeval
Greenhorn

Joined: Jun 19, 2008
Posts: 21
Hmm... well it seems that setting the refreshKrb5Config option to true in the Krb5LoginModule did the trick..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Testing Kerberos authentication
 
Similar Threads
Using System Properties in a multithreaded environment
Do we need to have a KDC to run a GSS API example?
JAAS in Jboss
Setting up a local KDC
JAAS - Getting Stored Kerberos Ticket