Testing Kerberos authentication

 
Hi,

I ran into a problem when testing my Kerberos login class. If I set an invalid Kerberos realm (or KDC) and try to authenticate, instead of failing as it should, it authenticates successfully. It seems that it's using the correct realm and KDC that was provided in previous tests. I can tell that this is the case because if I start out with the tests that have the invalid realm, then the authentication fails (as it should).

Is there some sort of persistent state that I'm unaware of? I'm using System.setProperty to set the Kerberos realm to an invalid one.

Thanks!
 
Ed Zeval
My thought is that Kerberos itself is falling back on the previous realm and KDC that it used... Does anyone know much about how Kerberos works and how to override this behavior?
 
Ed Zeval
Hmmm... Apparently there is a call in Krb5LoginModule that gives back the correct principal:

new PrincipalName("someString", PrincipalName.KRB_NT_PRINCIPAL);

But I can't find documentation on PrincipalName. Anyone know about this?
 
Ed Zeval
Hmm... well it seems that setting the refreshKrb5Config option to true in the Krb5LoginModule did the trick.
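The fix from the last post, as an added example (not code from the thread): a JAAS configuration built in code with Krb5LoginModule's refreshKrb5Config option set, so that each login re-reads the realm and KDC system properties instead of reusing the values loaded by an earlier test. The class and method names, the realm, the KDC host and the credentials are constructed placeholders.

```java
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosRealmCheck {

    // Hypothetical helper: true only if the KDC configured for this realm accepts the login.
    static boolean authenticates(String realm, String kdc, String user, char[] password) {
        // The JDK expects these two properties to be set together.
        System.setProperty("java.security.krb5.realm", realm);
        System.setProperty("java.security.krb5.kdc", kdc);

        // refreshKrb5Config=true: reload the Kerberos configuration before login().
        // useTicketCache=false: never satisfy the login from a cached ticket.
        Map<String, String> options = Map.of("refreshKrb5Config", "true", "useTicketCache", "false");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        // Supplies the principal name and password when the login module asks for them.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
            }
        };
        try {
            new LoginContext("krb5-test", null, handler, jaas).login();
            return true;
        } catch (LoginException e) {
            return false; // unreachable KDC, unknown realm or bad credentials
        }
    }

    public static void main(String[] args) {
        // Constructed values: an invalid realm and KDC must be rejected in any test order.
        boolean ok = authenticates("INVALID.EXAMPLE", "kdc.invalid.example",
                "alice", "not-a-real-password".toCharArray());
        System.out.println("invalid realm accepted: " + ok);
    }
}
```

A negative test built on this should assert that the invalid realm returns false whether it runs before or after the tests that use the valid realm.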