How to communicate with two different KDC servers from a single Java client program using Java GSS-API and Kerberos 5?

huangapple
Question

I am using Java GSS-API with Kerberos for secure authentication. I implemented sample Server and sample Client programs, and the Client is able to successfully authenticate and get the service from the Server. For these sample programs I passed the KDC address through the Java system property (java.security.krb5.kdc). Now the problem is that I want to connect to two different KDC servers from a single Client program to access multiple services. Through the system property we can pass only one KDC server address. How can I connect to multiple KDC servers from a single Client program?

Answer 1

Score: 0

You can specify multiple domain entries and corresponding KDCs using a KRB5 config file.

[libdefaults]
    default_realm = A1.LOCAL
    default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
    permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc

[realms]
    A1.LOCAL = {
        kdc = ADA1.A1.LOCAL
    }

    B1.LOCAL = {
        kdc = ADB1.B1.LOCAL
    }

[domain_realm]
    a1.local = A1.LOCAL
    .a1.local = A1.LOCAL
    b1.local = B1.LOCAL
    .b1.local = B1.LOCAL

Instead of setting each property separately, provide this file as a configuration to your program. This can be done using System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
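
Added example, not part of the original answer: a client that drops the single-KDC properties, points the JVM at the krb5.conf above and opens a GSS context to one service in each realm. The class name, the service name myservice and the hosts app.a1.local and app.b1.local are hypothetical. It assumes the client's existing JAAS login is unchanged and that the login principal can obtain tickets in both realms (a trust between A1.LOCAL and B1.LOCAL, or a separate login per realm).

```java
import java.nio.file.Files;
import java.nio.file.Path;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class TwoRealmClient {
    private static final String KRB5_MECH = "1.2.840.113554.1.2.2"; // Kerberos V5 mechanism OID

    /** Points the JVM at krb5.conf. Call before the first Kerberos/GSS operation. */
    static void useKrb5Conf(Path conf) {
        if (!Files.isReadable(conf)) {
            throw new IllegalArgumentException("krb5.conf not readable: " + conf);
        }
        // If set, these two properties override the default realm and KDC from
        // krb5.conf, so drop the old single-KDC settings.
        System.clearProperty("java.security.krb5.kdc");
        System.clearProperty("java.security.krb5.realm");
        System.setProperty("java.security.krb5.conf", conf.toAbsolutePath().toString());
    }

    /** Creates an initiator context for service@host; [domain_realm] maps host to realm. */
    static GSSContext contextFor(GSSManager mgr, String service, String host)
            throws GSSException {
        GSSName target = mgr.createName(service + "@" + host, GSSName.NT_HOSTBASED_SERVICE);
        // null = default initiator credential (the client's existing JAAS/Subject login).
        GSSContext ctx = mgr.createContext(target, new Oid(KRB5_MECH), null,
                GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true);
        return ctx;
    }

    public static void main(String[] args) throws GSSException {
        useKrb5Conf(Path.of(args[0])); // path to the krb5.conf shown above
        GSSManager mgr = GSSManager.getInstance();
        // Hypothetical service name and hosts, one per realm.
        for (String host : new String[] {"app.a1.local", "app.b1.local"}) {
            GSSContext ctx = contextFor(mgr, "myservice", host);
            // Kerberos traffic happens here: the ticket for this host's realm is requested.
            byte[] token = ctx.initSecContext(new byte[0], 0, 0);
            System.out.println(host + ": first token is " + token.length + " bytes");
            ctx.dispose(); // a real client keeps the context and continues the exchange
        }
    }
}
```

Set the property before the first Kerberos call, since the JVM caches the parsed krb5.conf. DES and RC4 in the three enctype lists are weak encryption types; where both KDCs support AES, list only AES types.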

huangapple
  • This article was published on September 9, 2020 at 20:00:02
  • When reposting, please keep the link to this article: https://go.coder-hub.com/63811226.html