I am having trouble getting SSO with Kerberos/AD working. I can authenticate against AD if I have captured username and password, but I cannot authenticate using credentials arising from a Windows login.
I am on W2000, SP4. I am using JDK 1.5_10. I have set the Windows registry value as recommended.
My specific question relates to the callback handler.
As I understand it, the purpose of the callback handler is to interact with the user: the name and password handlers allow authentication data to be captured, and the text handler allows output to the user.
If I am seeking to authenticate using existing credentials then I assume that the user will not have to enter username or password. The callback handler is therefore, to my mind, a logical no-op.
I have coded my callback handler to do nothing at all, either on construction or in the handle method.
I am getting the following exception:
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
What should the callback handler do in this case? Or is this a manifestation of another problem?
My krb5.conf is as follows --
Authenticate
{
    com.sun.security.auth.module.Krb5LoginModule
        required
        useTicketCache=true
        doNotPrompt=false
        debug=true;
}
Thanks for any help -- I've been tussling with this for a while.
Alec
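
An added example, not part of the original post: a ticket-cache-only JAAS login for the "Authenticate" entry, paired with a callback handler that rejects every callback instead of silently ignoring it. The class names TicketCacheLogin and RejectingHandler are hypothetical, and doNotPrompt=true is an assumed change from the posted configuration, relying on the documented Krb5LoginModule behaviour that doNotPrompt controls whether the module prompts when credentials cannot be obtained from the cache.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TicketCacheLogin {   // hypothetical class name

    // Safety net: if the module ever asks for a name or password, fail with a
    // message naming the callback rather than returning with nothing filled in.
    static final class RejectingHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                throw new UnsupportedCallbackException(cb,
                    "Prompt requested (" + cb.getClass().getName()
                    + ") but this login only uses the ticket cache");
            }
        }
    }

    // Programmatic form of the posted entry; doNotPrompt=true is the assumed
    // change, so the module never falls back to the handler.
    static Configuration ticketCacheOnly() {
        final Map<String, String> opts = new HashMap<String, String>();
        opts.put("useTicketCache", "true");
        opts.put("doNotPrompt", "true");
        opts.put("debug", "true");
        final AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "Authenticate".equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
            public void refresh() { }   // nothing to reload
        };
    }

    public static void main(String[] args) {
        try {
            LoginContext lc = new LoginContext("Authenticate", null, new RejectingHandler(), ticketCacheOnly());
            lc.login();
            System.out.println("Authenticated from ticket cache: " + lc.getSubject().getPrincipals());
        } catch (LoginException e) {
            System.err.println("Ticket cache login failed: " + e.getMessage());
        }
    }
}
```

With this setup a missing or unusable cached ticket surfaces as a LoginException from the module itself, which separates a ticket cache problem from a callback handler problem.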