
Testing Kerberos authentication

 
Ed Zeval
Greenhorn
Posts: 21
Hi,

I ran into a problem when testing my Kerberos login class. If I set an invalid Kerberos realm (or KDC) and try to authenticate, instead of failing as it should, it authenticates successfully. It seems that it's using the correct realm and KDC that were provided in previous tests. I can tell that this is the case because if I start out with the tests that have the invalid realm, then the authentication fails (as it should).

Is there some sort of persistent state that I'm unaware of? I'm using System.setProperty to set the Kerberos realm to an invalid one.

Thanks!
 
Ed Zeval
Greenhorn
Posts: 21
My thought is that Kerberos itself is falling back on the previous realm and KDC that it used... Does anyone know much about how Kerberos works and how to override this behavior?
 
Ed Zeval
Greenhorn
Posts: 21
Hmmm... Apparently there is a call in Krb5LoginModule that gives back the correct principal:

new PrincipalName("someString", PrincipalName.KRB_NT_PRINCIPAL);

But I can't find documentation on PrincipalName. Anyone know about this?
 
Ed Zeval
Greenhorn
Posts: 21
Hmm... well it seems that setting the refreshKrb5Config option to true in the Krb5LoginModule did the trick..
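
Added example, not part of the thread or the poster's code: a Java test helper that applies the fix reported in the last post, passing refreshKrb5Config=true to Krb5LoginModule so the Kerberos configuration is reloaded before each login and a negative test with an invalid realm or KDC cannot pass on settings left over from an earlier test. The class name KerberosLoginCheck, the method canLogin and the JAAS entry name "krb5-test" are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosLoginCheck {  // hypothetical helper class

    /** Returns true only if a login against the given realm/KDC succeeds. */
    static boolean canLogin(String realm, String kdc, String user, char[] password) {
        // The JDK expects these two properties to be set together.
        System.setProperty("java.security.krb5.realm", realm);
        System.setProperty("java.security.krb5.kdc", kdc);

        Map<String, String> options = new HashMap<>();
        // Reload the Kerberos configuration before login instead of reusing
        // the realm/KDC loaded by an earlier login in the same JVM.
        options.put("refreshKrb5Config", "true");
        options.put("useTicketCache", "false"); // do not pick up an existing TGT

        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, options) };
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
            }
        };
        try {
            new LoginContext("krb5-test", new Subject(), handler, jaas).login();
            return true;
        } catch (LoginException e) {
            return false; // invalid realm/KDC or bad credentials
        }
    }
}
```

A negative test then asserts that canLogin returns false for the invalid realm even when it runs after a test that logged in against the valid one.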
 