I have a Java API that talks to the Kerberos server and performs various operations. As of now, my API requests for non-renewable tickets to the Kerberos server. From what I understand, the jaas config file has an option to set the renewTGT option to true so that a renewable ticket can be issued. However, Jaas seems to have a lot of restrictions on setting the "renewUntil" time. Can anyone please tell me how we can request for arenewable ticket and also control its renewability? Basically, is there a way we can perform a Java equivalent of the operation : kinit -R ? Thanks in advance.
Jaas - Requesting Renewable Kerberos Tickets
2.3k views Asked by user2690793 At
1
There are 1 answers
Related Questions in KERBEROS
- Windows client damage authorization header (Kerberos) => IIS 400 (Bad Request)
- Configure Kerberos auth for TFS 2013
- Single Sign-On in Windows Applications using AD login
- C# RestSharp library and Kerberos authentication
- Hiveserver2 Kerberos
- Passing Kerberos ticket as parameter in SOAP web service call
- Spring security kerberos validate token error
- Hadoop Kerberos security
- Authenticate scripts on HDFS using key.tab file
- Making my own Kerberos Authentication Ticket
Related Questions in JAAS
- camunda-webapp and JAAS-authentication
- Wildfly custom login module never gets executed?
- Passing Kerberos ticket as parameter in SOAP web service call
- JWT JAAS - how to get the JWT in WebSocket header?
- JBoss AS 7 Custom Login Module never called
- JAAS get User information
- Principal object is anonymous JAAS security
- JBoss - not working the next day
- Deploy Security Domain on Jboss
- SASL configuration failed: unable to find RemotingLoginModule in Arquillian integration test
Related Questions in RENEWAL
- Application is not recognized by Game Center after iOS Certificate renewal
- Add UDID's to developer account after reaches 100 count
- How to get the WooCommerce Subscription parent ID in the renewal order admin email?
- How to update a class attribute when an instance attribute changes?
- iOS Developer Enterprise Program membership Renewal Before Expiration
- MySQL: How to select (count renewal bookings & count of all bookings) for each room?
- letsencrypt renewal fails ubuntu server (LAMPP installation)
- OAuth 2.0 access_token renewable
- Jaas - Requesting Renewable Kerberos Tickets
- How can I run cmd command to renew Kerberos ticket in python
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
As of JDK7 (1.7.0_55), JAAS
Krb5LoginModuledoes not provide any option to request a renewable TGT when authenticating, so this is not currently possible using JAAS. You might be able to achieve this, but you would need to use the internal Kerberos classes directly, bypassing JAAS.Internally,
Krb5LoginModuleinstantiates asun.security.krb5.KrbAsReqBuilderto obtain credentials using either a provided password, or a keyTab.KrbAsReqBuilderhas asetOptions(KDCOptions options)method, but this is not called in the login module. If it could be accessed, you could callKDCOptions#set(KDCOptions.RENEWABLE, true), and I would then expect the returned ticket to be renewable, if the KDC is configured to allow renewable tickets.