JAAS and Kerberos
680524 Oct 12 2011 — edited Oct 19 2011
Dear friends,
I am new to JAAS and Kerberos, and I have some questions after seeing the Oracle document.
I am using Windows XP as the client.
We specify the Krb5LoginModule in the Java authentication configuration file to perform the login and authentication. We may also specify a Callback to the LoginContext. Then the Krb5LoginModule will get the user credentials from the Kerberos KDC.
My questions are:
1) As we know, in Windows, sometimes we are not prompted to input the username/password by the callback, but the application can obtain it. Why? I think it is because we configure the Windows registry to cache the Subject to support Kerberos (adding the parameter allowtgtsessionkey with value 1). When the user logs in to Windows, the authentication is done by the LDAP (AD) server and the Subject is cached locally. Am I right?
2) How does the Krb5LoginModule get the user credentials from the Kerberos KDC (Subject subject=loginContext.getSubject())? Oracle's document indicates that we need to specify -Djava.security.krb5.realm=<your_realm> and -Djava.security.krb5.kdc=<your_kdc> for the login, but I did not use these two parameters and I could still log in successfully. Could you please explain this? Does the application know the realm and KDC from the current operating system (Windows)?
Appreciate your time and help.
Thanks,
Ricky
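
The setup described in the post above, as an added example that is not part of the original post: Krb5LoginModule configured programmatically with useTicketCache=true, so an existing logon TGT is tried before the callback prompts. The class name, the entry name SampleClient and the option values are assumptions; realm and KDC are left to the JVM's defaults (Kerberos configuration or the -Djava.security.krb5.* properties).

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.*;

public class Krb5CacheLogin {
    // Programmatic equivalent of a JAAS login configuration file entry.
    static Configuration krb5Config(boolean useTicketCache) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", Boolean.toString(useTicketCache)); // try the existing logon TGT first
        opts.put("doNotPrompt", "false"); // allow fallback to the CallbackHandler
        opts.put("debug", "true");        // module logs which path it took
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        // Invoked only when no usable TGT is found in the ticket cache.
        CallbackHandler handler = callbacks -> {
            java.io.Console console = System.console();
            if (console == null) throw new java.io.IOException("no console for prompting");
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(console.readLine("Kerberos user: "));
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(console.readPassword("Password: "));
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        // "SampleClient" is a constructed entry name; null lets JAAS create the Subject.
        LoginContext lc = new LoginContext("SampleClient", null, handler, krb5Config(true));
        lc.login();
        Subject subject = lc.getSubject();
        System.out.println("Principals: " + subject.getPrincipals());
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            System.out.println("Ticket for " + t.getServer() + " expires " + t.getEndTime());
        }
        lc.logout();
    }
}
```

Running it once with `krb5Config(true)` and once with `krb5Config(false)` shows the difference between a cache-backed login and one that always goes through the callback.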