MIT Kerberos tool makes JAAS able to access the Windows LSA? How to do it without the tool

送分小仙女□ 提交于 2019-12-08 08:24:28

问题


Running a Java app using JAAS i got a surprising effect:
The Java client-application wasn't able to access windows LSA, until i installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi' ?

The JAAS conf file settings:

WEBSTART_CLIENT_CONTEXT {
   com.sun.security.auth.module.Krb5LoginModule required 
   useTicketCache=true
   renewTGT=true
   doNotPrompt=false   
   debug=true; 
}

Running Java 1.8 on Windows 7
I got the logging using -Dsun.security.krb5.debug=true

left without MIT tool installed, fails
right with the MIT tool installed, succeeds

I tried setting the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters Value Name: allowtgtsessionkey to 0 and 1, but that didn't change anything while MIT tool was uninstalled.

Can someone tell me if it is possible to access the LSA without installing the MIT tool? Or point me to information how JAAS is interacting with windows LSA?

来源:https://stackoverflow.com/questions/33570059/mit-kerberos-tool-makes-jaas-able-to-access-the-windows-lsa-how-to-do-it-withou

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!