From 0dd6efaa03fb5419fed4a948c58fb5dc3b4efbd0 Mon Sep 17 00:00:00 2001 From: mguessan Date: Tue, 26 Feb 2013 21:20:41 +0000 Subject: [PATCH] Kerberos: server side login module git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@2063 3d1905a2-6b24-0410-a738-b14d5a86fcbd --- .../http/KerberosLoginConfiguration.java | 34 ++++++++++++++----- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/src/java/davmail/http/KerberosLoginConfiguration.java b/src/java/davmail/http/KerberosLoginConfiguration.java index d501877a..2cb2d196 100644 --- a/src/java/davmail/http/KerberosLoginConfiguration.java +++ b/src/java/davmail/http/KerberosLoginConfiguration.java @@ -28,33 +28,49 @@ import java.util.HashMap; * Custom JAAS login configuration. * Equivalent to the following configuration: * spnego-client { - * com.sun.security.auth.module.Krb5LoginModule required; + * com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true; + * }; + * spnego-server { + * com.sun.security.auth.module.Krb5LoginModule required isInitiator=false useKeyTab=false storeKey=true; * }; *

*/ public class KerberosLoginConfiguration extends Configuration { protected static final Logger LOGGER = Logger.getLogger(KerberosHelper.class); protected static final AppConfigurationEntry[] CLIENT_LOGIN_MODULE; + protected static final AppConfigurationEntry[] SERVER_LOGIN_MODULE; static { - HashMap loginModuleOptions = new HashMap(); + HashMap clientLoginModuleOptions = new HashMap(); if (LOGGER.isDebugEnabled()) { - loginModuleOptions.put("debug", "true"); + clientLoginModuleOptions.put("debug", "true"); } - loginModuleOptions.put("useTicketCache", "true"); - //loginModuleOptions.put("doNotPrompt", "true"); - //loginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName()); - //loginModuleOptions.put("refreshKrb5Config", "true"); - //loginModuleOptions.put("storeKey", "true"); - CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, loginModuleOptions)}; + clientLoginModuleOptions.put("useTicketCache", "true"); + clientLoginModuleOptions.put("renewTGT", "true"); + //clientLoginModuleOptions.put("doNotPrompt", "true"); + //clientLoginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName()); + //clientLoginModuleOptions.put("refreshKrb5Config", "true"); + //clientLoginModuleOptions.put("storeKey", "true"); + CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, clientLoginModuleOptions)}; + HashMap serverLoginModuleOptions = new HashMap(); + if (LOGGER.isDebugEnabled()) { + serverLoginModuleOptions.put("debug", "true"); + } + + serverLoginModuleOptions.put("isInitiator", "false"); // acceptor (server) mode + serverLoginModuleOptions.put("useKeyTab", "false"); // do not use credentials stored in keytab file + serverLoginModuleOptions.put("storeKey", "true"); // store credentials in 
subject + SERVER_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, serverLoginModuleOptions)}; } @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { if ("spnego-client".equals(name)) { return CLIENT_LOGIN_MODULE; + } else if ("spnego-server".equals(name)) { + return SERVER_LOGIN_MODULE; } else { return null; }
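Review bot: The new `spnego-server` options set `useKeyTab=false` and `storeKey=true` with no `principal` or `doNotPrompt`, so the service principal's name and password must come from the CallbackHandler of whichever LoginContext uses this entry, and the long-term keys derived from that password are then kept in the Subject's private credentials; the inline comments only say what is not used. I would state this next to the options, e.g. `// no keytab: the CallbackHandler must supply the service principal name and password; the derived keys stay in the Subject's private credentials until logout`, and make sure the caller logs out of the LoginContext once the acceptor is no longer needed. Both option maps also pass `debug=true` when LOGGER (registered under `KerberosHelper.class`, not this class) is at debug level, which makes Krb5LoginModule print its trace to standard output rather than through the logger, so the class Javadoc's "equivalent configuration" should mention that too. The caller of `getAppConfigurationEntry("spnego-server")` is outside this hunk, so the callback handling is inferred from the options alone.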