Spec-Zone .ru
спецификации, руководства, описания, API
|
The goal of this exercise is to learn how to configure a JAAS application that uses Kerberos for authentication to achieve single sign-on. Single sign-on means that the user needs only authenticate once to a system or a collection of services. After the initial authentication, the user can access other services in the system using the same identity as he used for the initial authentication.
Single sign-on can be used to describe different types of authentication. There are HTTP-based network single sign-on protocols. There is Kerberos-based single sign-on for network services. In this particular exercise, we show how to achieve single sign-on in Kerberos-based systems by showing how to import already-acquired Kerberos credentials from the underlying native operating system.
In addition, see the information provided in Exercises 2 and 4 for background information about Kerberos and Java GSS.
Steps to follow:
src/jaas-krb5.conf
This file contains two entries, one named "client" and one named "server." Add the line "useTicketCache=true" to the client entry.
Code listing for updated jaas-krb5.conf
.
|
Then, enter changeit when prompted for the password.
% kinit test