[jboss-user] [Security & JAAS/JBoss] - Re: Minimal JBoss config to use GSSAPI/Kerberos acceptSecCon
chriscorbell
do-not-reply at jboss.com
Mon Mar 9 20:41:45 EDT 2009
FYI I did get it working on Windows, it required that I generate the keyTab with
-crypto DES-CBC-MD5
instead of
-crypto DES-CBC-CRC
Creating the GSSCredentials and acceptSecContext now succeeds for me when I run my JBoss app from the console.
There appear to still be some rough edges in Windows 2003 Server R2 SP2 even with its fix to the issue that formerly caused its KDC to always use RC4. At least I'm guessing that's why it would work with Java GSSAPI with one option (MD5) and not the other.
Unfortunately this still fails for me - with a symptom that suggests the keyTab isn't found or properly read - when I run JBoss as a service using Takuki's Java Service Wrapper. I've started a thread on that on the wrapper-user mailing list.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4216406#4216406
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4216406
More information about the jboss-user
mailing list