问题
Running a Java app using JAAS i got a surprising effect:
The Java client-application wasn't able to access windows LSA, until i installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi' ?
The JAAS conf file settings:
WEBSTART_CLIENT_CONTEXT {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
renewTGT=true
doNotPrompt=false
debug=true;
}
Running Java 1.8 on Windows 7
I got the logging using -Dsun.security.krb5.debug=true
left without MIT tool installed, fails
right with the MIT tool installed, succeeds
I tried setting the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey to 0 and 1, but that didn't change anything while MIT tool was uninstalled.
Can someone tell me if it is possible to access the LSA without installing the MIT tool? Or point me to information how JAAS is interacting with windows LSA?
来源:https://stackoverflow.com/questions/33570059/mit-kerberos-tool-makes-jaas-able-to-access-the-windows-lsa-how-to-do-it-withou