This content has been marked as final. Show 3 replies
My guess is that it just does not work here. If you're writing a native application, there are Windows APIs that grabs credentials for itself based on that unknown password (or secret key) of the local system account. But in Java a server side application of JGSS-API uses a keytab to get this credential.
Is it possible for you to config the tomcat server to run with a given account (instead of LocalSystem) and create a keytab for it?
Thanks for your response!
My application is just an authentication module in a bigger application which is not under my control. This application is hosted on Apache Tomcat and provide both the options to run as "LocalSystem" account and domain account. So I have to provide support for both the options.
I am getting increasingly convinced that Java Kerberos module can't handle the authentication for "LocalSystem" account and I need to opt for some Windows Native Apis for that. If that is the case Can someone tell me how can i proceed for that. I have no idea which Windows apis to use for it.
Edited by: Java-Dev-01 on Mar 14, 2010 6:03 AM
The Windows APIs are InitializeSecurityContext, AcquireCredentialsHandle etc etc. Search for them on MSDN for details.
I guess you can wrap them into a JNI library and still write your main program in Java.