From 45be099b8cc026bfd8a26900b680727e406168ae Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Thu, 21 Sep 2006 21:44:51 +0000 Subject: [PATCH] Reduced ATS Kerberos configuration requirements. --- .../package/linux/CASA_auth_token_svc.changes | 8 ++++++++ .../novell/casa/authtoksvc/AuthMechConfig.java | 16 ++++++++++++++++ .../novell/casa/authtoksvc/Krb5Authenticate.java | 8 +++++--- 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes index 98e5832c..4106964b 100644 --- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes +++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com + +- Reduced Kerberos configuration requirements. Now the ATS service + principal name defaults to "host" and there is no need to set the + "javax.security.auth.useSubjectCredsOnly" system property to "false" + in the JAVA_OPTS. + ------------------------------------------------------------------- Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java index 6d08dd58..678f0fb0 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java 
@@ -44,6 +44,10 @@ public class AuthMechConfig public final static String ClassName = "ClassName"; public final static String RelativeClassPath = "RelativeClassPath"; public final static String ClassPath = "ClassPath"; + public final static String Krb5ServicePrincipalName = "ServicePrincipalName"; + + // Default configuration values + private String m_defaultKrb5ServicePrincipalNameValue = "host"; private Map m_mechSettingsMap; @@ -245,7 +249,19 @@ public class AuthMechConfig String value = (String) m_mechSettingsMap.get(settingName); if (value == null) { + System.err.println("AuthMechConfig.getSetting()- Did not find setting " + settingName); + + // The setting is not in our map, check if it is one to + // which we have defaults. + if (settingName.equals(Krb5ServicePrincipalName) == true) + { + value = m_defaultKrb5ServicePrincipalNameValue; + System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value); + + // Add the key to the map so that it can be found quicker next time + m_mechSettingsMap.put(Krb5ServicePrincipalName, m_defaultKrb5ServicePrincipalNameValue); + } } else { diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java index 371d97ec..03d887e2 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java @@ -60,8 +60,6 @@ import org.bandit.ia.IAContext; */ public class Krb5Authenticate implements AuthMechanism, Serializable { - private static final String ServicePrincipalNameSetting = "ServicePrincipalName"; - private SvcConfig m_svcConfig; private AuthMechConfig m_mechConfig; 
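Review bot: The default service principal added at the top of this hunk is declared as a mutable instance field, `private String m_defaultKrb5ServicePrincipalNameValue = "host";`, although it is only ever used as a constant. `private static final String` would prevent reassignment and match the `public final static` setting keys above it. The value also deserves a comment: falling back to `host` means the ATS accepts tickets under the machine's shared host principal, so it presumably needs read access to the host keytab and shares that key with every other service using that principal. Something like `// "host" is the shared machine principal; set ServicePrincipalName to a dedicated principal where the ATS should not share the host key` would make the trade-off visible to whoever deploys it.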
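Review bot: The fallback in `getSetting()` writes the default back with `m_mechSettingsMap.put(...)`, so a read path now mutates the settings map, and after the first call a defaulted principal is indistinguishable from one an administrator configured. The map's concrete type and whether `getSetting()` can run on several threads are not visible here; if it is a plain `HashMap` reached from concurrent requests, the unsynchronized `put` is a data race. One string comparison is cheap, so I would drop the `put` and keep only `value = m_defaultKrb5ServicePrincipalNameValue;`. The log line should also say plainly that the service is running on a default, e.g. `"AuthMechConfig.getSetting()- " + settingName + " not configured, using default " + value`. The method starts and ends outside the hunk.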
@@ -138,11 +136,15 @@ public class Krb5Authenticate implements AuthMechanism, Serializable m_svcConfig = svcConfig; m_mechConfig = mechConfig; - String servicePrincipal = mechConfig.getSetting(ServicePrincipalNameSetting); + String servicePrincipal = mechConfig.getSetting(AuthMechConfig.Krb5ServicePrincipalName); if (servicePrincipal != null) { try { + // Make sure that the system property "javax.security.auth.useSubjectCredsOnly" + // is set to "false" to avoid having to utilize JAAS (at least if using IBM's JVM) + System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); + // Initalize our GSS variables // // Get an instance of the default GSSManager
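Review bot: `System.setProperty("javax.security.auth.useSubjectCredsOnly", "false")` changes a JVM-wide setting from inside one mechanism's initialisation. Every other JGSS user in the same JVM, such as other web applications in the container, also stops being restricted to credentials held in its Subject, and an administrator who deliberately set the property to `true` is silently overridden. I would set it only when it is unset, guarding the call with `if (System.getProperty("javax.security.auth.useSubjectCredsOnly") == null)`, log that it was changed, and extend the comment to say the effect is process-wide. As far as the `getSetting()` change in this commit shows, `servicePrincipal` is no longer null for the Kerberos mechanism, so the override runs on every initialisation. The enclosing method starts and ends outside the hunk.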