[32984] in Kerberos
a problem about KerberosTicket
daemon@ATHENA.MIT.EDU (Hui HH Yuan)
Thu Dec 23 18:04:46 2010
To: Kerberos@mit.edu
Message-ID: <OFCC9D1C98.CE1B0CBA-ON48257802.00305ABF-48257802.00328A23@cn.ibm.com>
From: Hui HH Yuan <huiyuan@cn.ibm.com>
Date: Thu, 23 Dec 2010 17:11:25 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Experts:
I have a problem as blow, could you help me why it so?
Environment:
Machine A: AD server
Machine S: server machine. login with domain user "userServer"
Machine C: client machine, login with domain user "userClient"
Problem:
1: "userClient" run the client application to get its KerberosTicket
object.
2: "userClient" send it's ticket to "userServer" by socket.
3: "userServer" start a service using this ticket.
4: open "Windows Taks Manager", the owner of the service is userServer(It
should be userClient).
could you help me why it so?
below is the code of starting a service by client ticket.
private void runMeAs(KerberosTicket ticket, String commandLine) throws
Exception {
Subject subject = new Subject();
// add a Principal and credential to the Subject
subject.getPrincipals().add(ticket.getClient());
subject.getPrincipals().add(ticket.getServer());
subject.getPublicCredentials().add(ticket);
subject.getPrivateCredentials().add(ticket);
try{
Object obj = Subject.doAs(subject, new LauncherAction(
commandLine));
}
catch (Exception e) {
System.out.println(">>>Start process failed " + e.getMessage
());
}
}
any advice and suggestions will be greatly appreciated.
Many thanks.
Best Regards,
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
