Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 209 Big Data Appliance
- 1.9K Data Science
- 448K Databases
- 221K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 520 MySQL Community Space
- 467 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 492 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.2K SQL & PL/SQL
- 21K SQL Developer
- 293.3K Development
- 7 Developer Projects
- 128 Programming Languages
- 290K Development Tools
- 95 DevOps
- 3K QA/Testing
- 645.5K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 149 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 266 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 230 Portuguese
Java Kerberos authentication using Active Directory User Principal Name
I'm trying to switch from Simple LDAP authentication to GSSAPI authentication.
I'm using Krb5LoginModule to perform the authentication when setting username to user's UPN which looks like [email protected] where suffix is not domain name.
Authentication fails as Krb5LoginModule assumes that the name format is [email protected]
Is there any option to pass the username which contains @ to the Krb5LoginModule so it will use the full user name without extracting realm from the username?
Using samAccountName works but I don't have user's samAccountName but UPN.
User logon to Windows works using UPN and the only difference I see in the network captures is that during Windows login name-type which is used is KRB5-NT-ENTERPRISE-PRINCIPAL and KerberosString includes full UPN name as opposite to KRB5-NT-PRINCIPAL and KerberosString with truncated UPN name sent by Java.