[31094] in Kerberos
RE: KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?
daemon@ATHENA.MIT.EDU (Kronus David)
Mon May 11 07:33:32 2009
Message-ID: <3cb6c6da59194bd08a11239a9afec80d@a38ebf95e7af45eea4db8645669e8721>
Date: Mon, 11 May 2009 11:32:57 GMT
Mime-Version: 1.0
From: "Kronus David" <kronda@atlas.cz>
To: <kerberos@mit.edu>
Cc:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Jeffrey,
thanks for your sharp answer, it has solved my problem.
David
-----Original Message-----
From: Jeffrey Altman [mailto:jaltman@secure-endpoints.com]
Sent: Monday, May 11, 2009 1:11 PM
To: kronda@atlas.cz
Cc: kerberos@mit.edu
Subject: Re: KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?
Try setting the default identify after you alter the associated cache name.
Kronus David wrote:
> Hi all,
> I'm not really expert so this might be a sign of my misunderstanding but...
>
> I'm using Network ID manager to authenticate to a Linux server running MIT Kerberos KDC and other kerberized servers (SSHd, Apache+mod_auth_kerb). When I initially configured my identity in NetIdMgr, everything worked fine - input my password just once and then no more (using kerberized Putty, TortoiseSVN, Firefox...). So I conclude from this that there is no problem with the server.
>
> Then I played with Java and wanted to use my cached credentials from KfW also using JAAS. I changed the cache in my identity configuration from API:... to FILE:c:\Temp\ccache. Cache worked, the file had been created after obtaining credentials. And after some time JAAS started to work. I was amazed but not for long because I've realized that with file-based cache NetIdMgr is asking for my password each time when some application using KfW dlls needs credentials (Firefox, Putty...). Even when I open putty twice for the same SSH server, NetIdMgr asks for password. Otherwise everything works but this is totally unusable. I tried to play with the settings but haven't arrived to a solution or an explanation. When I change back to API: cache, everything works fine (except JAAS...).
>
> So, what's the problem?
> 1) Is this expected behaviour when using file-based cache? Shall I configure something to get rid of the repeated password prompt? I haven't really found any information about using file cache with KfW, it seems to be out-of-fashion, since Java is probably able to read from LSA, but that doesn't help me in this case (no AD domain), does it?
> 2) If the answer to question 1) is "YES, it it expected and you can't do anything about it", can you please advice me on a way in which KfW and JAAS can cooperate in a nice way?
>
> Thanks for any help.
> David
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
