Can the library use windows ticket cache to fetch the currently logged in user's credentials?

[d3athwarrior]

I have a spring security kerberos secured web server.

I am working on a Swing based client for which I have the following requirement:

1. The application should not prompt the user for credentials
2. Whichever user is a valid AD user and has logged in to a machine, their credentials should be used for getting a ticket

If this library is not capable of doing so then any pointers in the direction that this can be achieved will be appreciated.

Things that I have tried to look into as an alternative:

1. Java GSS-API - it prompts the user for username and password despite setting -Dsun.security.jgss.native=true

[bedrin]

Hi!

Windows ticket cache is out of scope for Kerb4J I'm afraid.

Java 13 introduced built-in support in the JDK for Windows' own GSS API (SSPI).
It was backported to Java 11.0.10 - I suggest you updating your JDK if you Java is older.

If you can change the registry, consider setting allowtgtsessionkey to 1 as described here.

If it doesn't work (I haven't tried it myself but have seen controversial reviews on the Internet) you can also try 3rd-party solutions like Waffle - again I haven't tried it myself.

Hope it helps.

[d3athwarrior]

Hi,

I am on the latest release of JDK 11 which supposedly has the patch back ported but I can't seem to get it working, I know it's something I'll have to figure on my own.

I did look into the allowTGTsession key approach but doing it on many client machines doesn't seem like a sensible option.

Yes i did look into waffle as well but wasn't able to wrap my head around it completely. Again, thats gotta be something I'll have to dig into.

Thank you. I'll close the ticket.
Cheers.

[bedrin]

If you manage to get it working and share your setup I'll be happy to add it to some FAQ section.