请帮我解决一个 kerberos+Java 问题。我有一个简单的 Java 程序,可以使用 Kerberos 对 Windows Active Directory 进行身份验证。下面的java代码工作正常,没有任何问题并打印true-
public class KerberosAuthenticator {
public static void main(String[] args) {
String jaasConfigFilePath = "/myDir/jaas.conf";
System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
System.setProperty("java.security.krb5.realm", "ENG.TEST.COM");
System.setProperty("java.security.krb5.kdc","winsvr2003r2.eng.test.com");
boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
System.out.println(success);
}
}
但是,当我指定 krb5.conf 文件的路径而不是手动指定领域和 kdc 时,它会错误提示“空领域名称 (601) - 未指定默认领域”。以下是代码-
public class KerberosAuthenticator {
public static void main(String[] args) {
String jaasConfigFilePath = "/myDir/jaas.conf";
System.setProperty("java.security.auth.login.config", jaasConfigFilePath);
String krb5ConfigFilePath = "/etc/krb5/krb5.conf";
System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");
System.out.println(success);
}
}
krb5.conf的内容如下-
[libdefault]
default_realm = ENG.TEST.COM
[realms]
ENG.TEST.COM = {
kdc = winsvr2003r2.eng.test.com
kpasswd_server = winsvr2003r2.eng.test.com
admin_server = winsvr2003r2.eng.test.com
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.eng.test.com = ENG.TEST.COM
eng.test.com = ENG.TEST.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
period = 1d
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable = true
}