Thursday, January 17, 2008

Kerberos Authentication

You may use the following JAAS login configuration, krb5.conf and callback handler to implement Kerberos authentication in your applications:

====================================
CompanyKerbLogin.conf
====================================

/**
* Login configuration for JAAS.
*
* Declares the login entry "CompanyKerbCallbackHandler" with one login module,
* Krb5LoginModule (Kerberos v5), flagged "required": a login under this entry
* fails unless that module succeeds. The entry name is the string an
* application hands to LoginContext; that call is not shown on this page.
*/

CompanyKerbCallbackHandler {
com.sun.security.auth.module.Krb5LoginModule
required
// NOTE(review): "client" does not appear among the documented Krb5LoginModule
// options (isInitiator is the documented switch) - confirm it has any effect
// on the JDK in use.
client=TRUE
// Module debug tracing is off; turn it on only while troubleshooting.
debug=FALSE
// The existing ticket cache is not consulted, so the module has to obtain the
// user name and password from the CallbackHandler given to LoginContext.
useTicketCache=FALSE;
};

====================================
krb5.conf
====================================

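# Maps DNS host and domain names to Kerberos realms.
# The section name is "domain_realm" (singular). A section called
# "domain_realms" is not one the Kerberos libraries read, so the mappings
# below would not take effect under that name.
[domain_realm]

# An entry with a leading dot covers every host under that domain; the entry
# without the dot covers a host whose name is exactly that string.
.bhatia.company.com = BHATIA.COMPANY.COM
.company.com=COMPANY.COM
bhatia.company.com = BHATIA.COMPANY.COM
company.com=COMPANY.COM


[libdefaults]

# Realm assumed when a principal is given without an explicit realm.
default_realm = COMPANY.COM
#dns_lookup_kdc=false
# Keep the two overrides below disabled. des-cbc-md5 is single DES, which is
# deprecated for Kerberos (RFC 6649); pinning it would restrict tickets to a
# weak cipher and fail outright against a KDC that refuses DES. With the
# lines unset, client and KDC negotiate the strongest type both support.
#default_tgs_enctypes = des-cbc-md5
#default_tkt_enctypes = des-cbc-md5


# No logging targets are configured.
[logging]



# One stanza per realm: the KDC to contact, the admin server, and the DNS
# domain associated with the realm.
[realms]
BHATIA.COMPANY.COM= {
kdc = server2.bhatia.company.com
admin_server = server2.bhatia.company.com
default_domain = bhatia.company.com
}

COMPANY.COM= {
kdc = server01.company.com
admin_server = server01.company.com
default_domain = company.com
}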

import javax.security.auth.callback.*;

====================================
CompanyKerbCallbackHandler.java
====================================

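/**
 * JAAS {@link CallbackHandler} that answers name and password callbacks with
 * credentials supplied up front through {@link #setUserId(String)} and
 * {@link #setPassword(String)}.
 *
 * <p>Only {@link NameCallback} and {@link PasswordCallback} are answered; any
 * other callback type is rejected with {@link UnsupportedCallbackException}.
 *
 * <p>The password is kept in a {@code char[]} for as long as this object holds
 * it. Call {@code setPassword(null)} once the login attempt has finished so the
 * stored characters are overwritten rather than left for the garbage collector.
 * The {@code String} passed to {@code setPassword} is immutable and cannot be
 * wiped by this class.
 *
 * <p>No synchronization is performed; set the credentials and run the login on
 * the same thread, or guard the instance externally.
 */
public class CompanyKerbCallbackHandler implements CallbackHandler {

    /** User name returned for every {@link NameCallback}; may be {@code null} if never set. */
    private String companyUserId;

    /** Password returned for every {@link PasswordCallback}; {@code null} when unset or cleared. */
    private char[] companyPassword;

    /**
     * Fills in each callback from the stored credentials.
     *
     * @param callbacks callbacks issued by the login module
     * @throws java.io.IOException declared by the interface; not thrown by this implementation
     * @throws UnsupportedCallbackException if a callback is neither a
     *         {@link NameCallback} nor a {@link PasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks)
            throws java.io.IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(companyUserId);
            } else if (callback instanceof PasswordCallback) {
                // PasswordCallback.setPassword stores its own copy, so wiping the
                // array held here later does not disturb a login in progress.
                ((PasswordCallback) callback).setPassword(companyPassword);
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    /**
     * Sets the user name handed to the login module.
     *
     * @param userid principal / user name
     */
    public void setUserId(String userid) {
        companyUserId = userid;
    }

    /**
     * Sets the password handed to the login module, overwriting any previously
     * stored password characters first.
     *
     * @param password the password, or {@code null} to clear the stored one
     */
    public void setPassword(String password) {
        if (companyPassword != null) {
            // Zero the old characters so a replaced or cleared password does not
            // linger in the heap.
            java.util.Arrays.fill(companyPassword, '\0');
        }
        // Previously a null argument raised NullPointerException; it now means "clear".
        companyPassword = (password == null) ? null : password.toCharArray();
    }
}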

This should do the magic for you !! Enjoy Authenticating.
