Skip to content

Instantly share code, notes, and snippets.

@wjsl

wjsl/jaas.conf

Created March 17, 2016 20:12
Show Gist options
  • Save wjsl/08fc3963c33a6f826ab0 to your computer and use it in GitHub Desktop.
Save wjsl/08fc3963c33a6f826ab0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
jaas.conf
SampleClient {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
useTicketCache=true
doNotPrompt=true
renewTGT=true
;
};
Raw
krb.java
import com.sun.security.auth.callback.TextCallbackHandler;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Created by bill on 3/17/16.
*/
public class krb {
public static void main(String[] args) throws Exception {
LoginContext lc = new LoginContext("SampleClient", new TextCallbackHandler());
lc.login();
Subject me = lc.getSubject();
Subject.doAs(me, new PrivilegedAction<Void>() {
@Override
public Void run() {
Subject current = Subject.getSubject(AccessController.getContext());
String name = current.getPrincipals().iterator().next().getName();
System.out.println(String.format("Hello, it's me, %s!", name));
return null;
}
});
}
}
@wjsl
Copy link
Author

wjsl commented Mar 17, 2016

  1. compile with javac krb.java
  2. kinit as your favorite user
  3. run with java -Djava.security.auth.login.config=jaas.conf krb

Sample output:

root@vagrant-ubuntu-trusty-64:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bill/admin@EXAMPLE.COM

Valid starting       Expires              Service principal
03/17/2016 21:18:56  03/18/2016 07:18:56  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 03/18/2016 21:18:55
root@vagrant-ubuntu-trusty-64:~# kinit bill/admin
Password for bill/admin@EXAMPLE.COM:
root@vagrant-ubuntu-trusty-64:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bill/admin@EXAMPLE.COM

Valid starting       Expires              Service principal
03/17/2016 21:28:42  03/18/2016 07:28:42  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 03/18/2016 21:28:41
root@vagrant-ubuntu-trusty-64:~# java -Djava.security.auth.login.config=jaas.conf krb
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is bill/admin@EXAMPLE.COM
Commit Succeeded

Hello, it's me, bill/admin@EXAMPLE.COM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment