Reduced ATS Kerberos configuration requirements.

2006-09-21 21:44:51 +00:00 · 2006-09-21 21:44:51 +00:00 · 45be099b8c
commit 45be099b8c
parent 466357aa0e
3 changed files with 29 additions and 3 deletions
--- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com
+
+- Reduced Kerberos configuration requirements. Now the ATS service
+  principal name defaults to "host" and there is no need to set the
+  "javax.security.auth.useSubjectCredsOnly" system property to "false"
+  in the JAVA_OPTS. 
+
 -------------------------------------------------------------------
 Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com

--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java
@ -44,6 +44,10 @@ public class AuthMechConfig
   public final static String ClassName = "ClassName";
   public final static String RelativeClassPath = "RelativeClassPath";
   public final static String ClassPath = "ClassPath";
+   public final static String Krb5ServicePrincipalName = "ServicePrincipalName";
+
+   // Default configuration values
+   private String m_defaultKrb5ServicePrincipalNameValue = "host";

   private Map m_mechSettingsMap;

@ -245,7 +249,19 @@ public class AuthMechConfig
      String value = (String) m_mechSettingsMap.get(settingName);
      if (value == null)
      {
+
         System.err.println("AuthMechConfig.getSetting()- Did not find setting " + settingName);
+
+         // The setting is not in our map, check if it is one to
+         // which we have defaults.
+         if (settingName.equals(Krb5ServicePrincipalName) == true)
+         {
+            value = m_defaultKrb5ServicePrincipalNameValue;
+            System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value);
+
+            // Add the key to the map so that it can be found quicker next time
+            m_mechSettingsMap.put(Krb5ServicePrincipalName, m_defaultKrb5ServicePrincipalNameValue);
+         }
      }
      else
      {
--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
@ -60,8 +60,6 @@ import org.bandit.ia.IAContext;
 */
 public class Krb5Authenticate implements AuthMechanism, Serializable
 {
-   private static final String ServicePrincipalNameSetting = "ServicePrincipalName";
-
   private SvcConfig       m_svcConfig;
   private AuthMechConfig  m_mechConfig;

@ -138,11 +136,15 @@ public class Krb5Authenticate implements AuthMechanism, Serializable
      m_svcConfig = svcConfig;
      m_mechConfig = mechConfig;

-      String servicePrincipal = mechConfig.getSetting(ServicePrincipalNameSetting);
+      String servicePrincipal = mechConfig.getSetting(AuthMechConfig.Krb5ServicePrincipalName);
      if (servicePrincipal != null)
      {
         try
         {
+            // Make sure that the system property "javax.security.auth.useSubjectCredsOnly"
+            // is set to "false" to avoid having to utilize JAAS (at least if using IBM's JVM)
+            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+
            // Initalize our GSS variables
            //
            // Get an instance of the default GSSManager