Java and Kerberos authentication: krb5.conf versus System.setProperty

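Please help me solve a Kerberos + Java problem. I have a simple Java program that uses Kerberos to authenticate against Windows Active Directory. The following Java code works fine, without any problems, and prints true: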

    public class KerberosAuthenticator {
        public static void main(String[] args) {
            // JAAS login configuration
            String jaasConfigFilePath = "/myDir/jaas.conf";
            System.setProperty("java.security.auth.login.config", jaasConfigFilePath);

            // Realm and KDC set directly as system properties
            System.setProperty("java.security.krb5.realm", "ENG.TEST.COM");
            System.setProperty("java.security.krb5.kdc", "winsvr2003r2.eng.test.com");

            boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
            System.out.println(success);
        }
    }

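When I specify the path to the krb5.conf file instead of setting the realm and KDC manually, it fails with the error "Null realm name (601) - default realm not specified". Here is the code: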

    public class KerberosAuthenticator {
        public static void main(String[] args) {
            // JAAS login configuration
            String jaasConfigFilePath = "/myDir/jaas.conf";
            System.setProperty("java.security.auth.login.config", jaasConfigFilePath);

            // Realm and KDC are read from krb5.conf instead of system properties
            String krb5ConfigFilePath = "/etc/krb5/krb5.conf";
            System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);

            boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
            System.out.println(success);
        }
    }

The contents of krb5.conf are as follows:

    [libdefault]
        default_realm = ENG.TEST.COM

    [realms]
        ENG.TEST.COM = {
            kdc = winsvr2003r2.eng.test.com
            kpasswd_server = winsvr2003r2.eng.test.com
            admin_server = winsvr2003r2.eng.test.com
            kpasswd_protocol = SET_CHANGE
        }

    [domain_realm]
        .eng.test.com = ENG.TEST.COM
        eng.test.com = ENG.TEST.COM

    [logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
            period = 1d
            versions = 10
        }

    [appdefaults]
        kinit = {
            renewable = true
            forwardable = true
        }

Your krb5.conf is wrong. It is [libdefaults], not [libdefault].
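
A misspelled section header like the one identified in the answer can be caught before the program attempts a login. The following is an added example, not code from the question or the answer: a small pre-flight check (the class name Krb5ConfCheck and its check method are hypothetical; Java 15 or later) that flags unrecognized section headers and a missing default_realm under [libdefaults], run on constructed samples based on the file in the question.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class Krb5ConfCheck {
    // Assumption: section names taken from the MIT krb5.conf / kdc.conf documentation.
    static final Set<String> KNOWN_SECTIONS = Set.of("libdefaults", "realms",
            "domain_realm", "capaths", "appdefaults", "plugins", "logging",
            "kdcdefaults", "dbdefaults", "dbmodules");

    /** Returns human-readable problems; an empty list means both checks passed. */
    static List<String> check(String conf) {
        List<String> problems = new ArrayList<>();
        String section = null;
        boolean defaultRealm = false;
        int lineNo = 0;
        for (String raw : conf.split("\\R")) {
            lineNo++;
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) continue;
            if (line.startsWith("[") && line.endsWith("]")) {
                section = line.substring(1, line.length() - 1).trim();
                if (!KNOWN_SECTIONS.contains(section))
                    problems.add("line " + lineNo + ": unknown section [" + section + "]");
                continue;
            }
            // default_realm only counts when it sits under the correctly named section
            int eq = line.indexOf('=');
            if ("libdefaults".equals(section) && eq > 0
                    && line.substring(0, eq).trim().equals("default_realm")
                    && !line.substring(eq + 1).trim().isEmpty())
                defaultRealm = true;
        }
        if (!defaultRealm) problems.add("no default_realm under [libdefaults]");
        return problems;
    }

    public static void main(String[] args) {
        // Constructed samples based on the krb5.conf in the question.
        String broken = """
                [libdefault]
                  default_realm = ENG.TEST.COM
                [realms]
                  ENG.TEST.COM = {
                    kdc = winsvr2003r2.eng.test.com
                  }
                """;
        String fixed = broken.replace("[libdefault]", "[libdefaults]");
        System.out.println("broken: " + check(broken));
        System.out.println("fixed:  " + check(fixed));
    }
}
```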