The Kerberos protocol authenticates a client by examining the credentials the client presents.
Kerberos is a network authentication protocol. It authenticates the client by examining credentials presented by the client.
It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
The concept depends on a trusted third party – a Key Distribution Center (KDC). The KDC is aware of all systems in the network and is trusted by all of them.
It performs mutual authentication, where a client proves its identity to a server and a server proves its identity to the client.
This program demonstrates how to authenticate with Kerberos against multiple domains.
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
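/**
 * Demonstrates a JAAS username/password login through the {@code Gss} entry of
 * the configured JAAS login file, using a callback handler that supplies the
 * principal name and password programmatically.
 *
 * @author rohan kamat
 * @version 1.0
 */
public class KerberosAuth {

    /**
     * Points the JVM at the Kerberos and JAAS configuration files, attempts one
     * login and prints {@code login success} when it completes.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // "true": GSS mechanisms may take credentials only from the JAAS Subject.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
        // Both files decide which KDC and login module are trusted; keep them
        // where only administrators can write.
        System.setProperty("java.security.krb5.conf", "\\krb5.conf"); // path to Domain configuration
        System.setProperty("java.security.auth.login.config", "\\gss.conf"); // path to GSS configuration

        // Placeholders only: a real password must come from a runtime source
        // (console prompt, secret store), never from a literal in source code.
        // Zeroing the array below cannot remove a String literal from memory.
        char[] password = "PASSWORD".toCharArray();

        // Kerberos login
        LoginContext lc = null;
        boolean loggedIn = false;
        try {
            lc = new LoginContext("Gss",
                    new UserNamePasswordCallbackHandler("LOGIN NAME", password));
            lc.login();
            loggedIn = true;
            // The authenticated Subject; anything that needs it must run
            // before the logout in the finally block.
            lc.getSubject();
            System.out.print("login success");
        } catch (LoginException le) {
            le.printStackTrace();
        } finally {
            // The handler shares this array, so wiping it here clears both views.
            java.util.Arrays.fill(password, '\0');
            if (loggedIn) {
                try {
                    // Release the credentials the login module attached to the Subject.
                    lc.logout();
                } catch (LoginException le) {
                    le.printStackTrace();
                }
            }
        }
    }

    /**
     * Callback handler that answers {@link NameCallback} and
     * {@link PasswordCallback} with fixed values given at construction.
     *
     * <p>The password array is held by reference, not copied: the caller owns
     * it and is expected to overwrite it once the login attempt has finished.
     */
    public static class UserNamePasswordCallbackHandler implements
            CallbackHandler {
        private final String _userName;
        private final char[] _password;

        /**
         * @param userName principal name to supply; {@code null} leaves name
         *                 callbacks unanswered
         * @param password password to supply; {@code null} leaves password
         *                 callbacks unanswered
         */
        public UserNamePasswordCallbackHandler(String userName, char[] password) {
            _userName = userName;
            _password = password;
        }

        /**
         * Fills in every name and password callback for which a value is
         * available. Callbacks of any other type are left untouched; this
         * implementation never throws for them.
         *
         * @param callbacks callbacks issued by the login module
         */
        @Override
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback && _userName != null) {
                    ((NameCallback) callback).setName(_userName);
                } else if (callback instanceof PasswordCallback
                        && _password != null) {
                    // setPassword stores its own copy of the array.
                    ((PasswordCallback) callback).setPassword(_password);
                }
            }
        }
    }
}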
///gss.conf
Kerberos is a network authentication protocol. It authenticates the client by examining credentials presented by the client.
It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
The concept depends on a trusted third party – a Key Distribution Center (KDC). The KDC is aware of all systems in the network and is trusted by all of them.
It performs mutual authentication, where a client proves its identity to a server and a server proves its identity to the client.
This program demonstrates how to authenticate with Kerberos against multiple domains.
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
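/**
 * Demonstrates a JAAS username/password login through the {@code Gss} entry of
 * the configured JAAS login file, using a callback handler that supplies the
 * principal name and password programmatically.
 *
 * @author rohan kamat
 * @version 1.0
 */
public class KerberosAuth {

    /**
     * Points the JVM at the Kerberos and JAAS configuration files, attempts one
     * login and prints {@code login success} when it completes.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // "true": GSS mechanisms may take credentials only from the JAAS Subject.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
        // Both files decide which KDC and login module are trusted; keep them
        // where only administrators can write.
        System.setProperty("java.security.krb5.conf", "\\krb5.conf"); // path to Domain configuration
        System.setProperty("java.security.auth.login.config", "\\gss.conf"); // path to GSS configuration

        // Placeholders only: a real password must come from a runtime source
        // (console prompt, secret store), never from a literal in source code.
        // Zeroing the array below cannot remove a String literal from memory.
        char[] password = "PASSWORD".toCharArray();

        // Kerberos login
        LoginContext lc = null;
        boolean loggedIn = false;
        try {
            lc = new LoginContext("Gss",
                    new UserNamePasswordCallbackHandler("LOGIN NAME", password));
            lc.login();
            loggedIn = true;
            // The authenticated Subject; anything that needs it must run
            // before the logout in the finally block.
            lc.getSubject();
            System.out.print("login success");
        } catch (LoginException le) {
            le.printStackTrace();
        } finally {
            // The handler shares this array, so wiping it here clears both views.
            java.util.Arrays.fill(password, '\0');
            if (loggedIn) {
                try {
                    // Release the credentials the login module attached to the Subject.
                    lc.logout();
                } catch (LoginException le) {
                    le.printStackTrace();
                }
            }
        }
    }

    /**
     * Callback handler that answers {@link NameCallback} and
     * {@link PasswordCallback} with fixed values given at construction.
     *
     * <p>The password array is held by reference, not copied: the caller owns
     * it and is expected to overwrite it once the login attempt has finished.
     */
    public static class UserNamePasswordCallbackHandler implements
            CallbackHandler {
        private final String _userName;
        private final char[] _password;

        /**
         * @param userName principal name to supply; {@code null} leaves name
         *                 callbacks unanswered
         * @param password password to supply; {@code null} leaves password
         *                 callbacks unanswered
         */
        public UserNamePasswordCallbackHandler(String userName, char[] password) {
            _userName = userName;
            _password = password;
        }

        /**
         * Fills in every name and password callback for which a value is
         * available. Callbacks of any other type are left untouched; this
         * implementation never throws for them.
         *
         * @param callbacks callbacks issued by the login module
         */
        @Override
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback && _userName != null) {
                    ((NameCallback) callback).setName(_userName);
                } else if (callback instanceof PasswordCallback
                        && _password != null) {
                    // setPassword stores its own copy of the array.
                    ((PasswordCallback) callback).setPassword(_password);
                }
            }
        }
    }
}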
///gss.conf
// JAAS login configuration: each named entry can be selected by the name passed
// to new LoginContext(...). Both entries make Krb5LoginModule "required", so the
// login fails unless that module succeeds.
// NOTE(review): "Mutual" is not referenced by the Java listing on this page.
// NOTE(review): "client" does not appear to be among the options documented for
// Krb5LoginModule - confirm it has any effect before relying on it.
Mutual {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE ;
};
// Entry requested by the Java listing via new LoginContext("Gss", ...).
Gss{
com.sun.security.auth.module.Krb5LoginModule required client=TRUE ;
};
///krb5.conf
# Kerberos client configuration, loaded through the java.security.krb5.conf
# system property set in the Java listing.
[libdefaults]
# Realm assumed when a principal name carries no realm part.
default_realm = ABC.LOCAL
# NOTE(review): unit-less value; presumably seconds (10 minutes) - confirm how
# the JDK in use interprets it.
ticket_lifetime = 600
# One block per realm the client may authenticate against; kdc names the host
# that is trusted to issue tickets for that realm.
[realms]
ABC.LOCAL = {
kdc = cd.abc.local
default_domain = ABC.LOCAL
}
XYZ.NET = {
kdc = ad.xyz.net
}
# Maps DNS names to realms: a leading dot on the left matches every host under
# that domain, the bare name matches the domain itself.
# NOTE(review): the right-hand values ".ABC.LOCAL" and ".XYZ.NET" carry a leading
# dot and so do not match the realm names declared under [realms] - verify
# whether "ABC.LOCAL" / "XYZ.NET" was intended.
[domain_realm]
.abc.local = .ABC.LOCAL
abc.local = ABC.LOCAL
.xyz.net = .XYZ.NET
xyz.net = XYZ.NET
Awesome
Useful information