Example 11 with KeyTab

Use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

From the class KDC, method writeKtab.

/**
 * Writes or appends keys into a keytab.
 * <p>
 * Attention: This is the most basic one of a series of methods below on
 * keytab creation or modification. All these methods reference krb5.conf
 * settings. If you need to modify krb5.conf or switch to another krb5.conf
 * later, please call <code>Config.refresh()</code> again. For example:
 * <pre>
 * kdc.writeKtab("/etc/kdc/ktab", true);  // Config is initialized,
 * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");
 * Config.refresh();
 * </pre>
 * Inside this method there are 2 places krb5.conf is used:
 * <ol>
 * <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys
 * <li> (Has workaround) Creating PrincipalName
 * </ol>
 * @param tab the keytab file name
 * @param append true if append, otherwise, overwrite.
 * @param names the names to write into, write all if names is empty
 */
public void writeKtab(String tab, boolean append, String... names) throws IOException, KrbException {
    KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);
    Iterable<String> entries = (names.length != 0) ? Arrays.asList(names) : passwords.keySet();
    for (String name : entries) {
        char[] pass = passwords.get(name);
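        // A trailing digit in the password is used as the key version
        // number (kvno); otherwise the kvno stays 0.
        int kvno = 0;
        if (Character.isDigit(pass[pass.length - 1])) {
            kvno = pass[pass.length - 1] - '0';
        }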
        PrincipalName pn = new PrincipalName(name, name.indexOf('/') < 0 ? PrincipalName.KRB_NT_UNKNOWN : PrincipalName.KRB_NT_SRV_HST);
        ktab.addEntry(pn, getSalt(pn), pass, kvno, true);
    }
    ktab.save();
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab)

Example 12 with KeyTab

Use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

From the class MoreKvno, method main.

public static void main(String[] args) throws Exception {
    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    // Rewrite keytab, 3 sets of keys with different kvno
    KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    p = new PrincipalName(OneKDC.SERVER + "@" + OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(p, "pass1".toCharArray(), 1, true);
    ktab.addEntry(p, "pass3".toCharArray(), 3, true);
    ktab.addEntry(p, "pass2".toCharArray(), 2, true);
    ktab.save();
    char[] pass = "pass2".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, pass);
    go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass);
    pass = "pass3".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, pass);
    // "server" initiate also, check pass2 is used at authentication
    go(OneKDC.SERVER, "server", pass);
    try {
        pass = "pass4".toCharArray();
        kdc.addPrincipal(OneKDC.SERVER, pass);
        go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass);
        throw new Exception("This test should fail");
    } catch (GSSException gsse) {
        // Since 7197159, different kvno is accepted, this return code
        // will never be thrown out again.
        //KrbException ke = (KrbException)gsse.getCause();
        //if (ke.returnCode() != Krb5.KRB_AP_ERR_BADKEYVER) {
        //    throw new Exception("Not expected failure code: " +
        //            ke.returnCode());
        //}
    }
}
Also used : GSSException(org.ietf.jgss.GSSException) KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName) KrbException(sun.security.krb5.KrbException)

Example 13 with KeyTab

Use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

From the class W83, method main.

public static void main(String[] args) throws Exception {
    W83 x = new W83();
    // Cannot use OneKDC. kinit command cannot resolve
    // hostname kdc.rabbit.hole
    KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true);
    kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
    kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
    System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
    Config.refresh();
    kdc.writeKtab(OneKDC.KTAB);
    KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB);
    // Delete the user's keytab entries for every built-in default etype
    // except ARCFOUR-HMAC (RC4).
    for (int etype : EType.getBuiltInDefaults()) {
        if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) {
            ktab.deleteEntries(new PrincipalName(OneKDC.USER), etype, -1);
        }
    }
    ktab.save();
    if (System.getProperty("6932525") != null) {
        // For 6932525 and 6951366, make sure the etypes sent in 2nd AS-REQ
        // is not restricted to that of preauth
        kdc.setOption(KDC.Option.ONLY_RC4_TGT, true);
    }
    if (System.getProperty("6959292") != null) {
        // For 6959292, make sure that when etype for enc-part in 2nd AS-REQ
        // is different from that of preauth, client can still decrypt it
        kdc.setOption(KDC.Option.RC4_FIRST_PREAUTH, true);
    }
    x.go();
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName)

Example 14 with KeyTab

Use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

From the class FileKeyTab, method check.

static void check(String file) throws Exception {
    System.out.println("Checking for " + file + "...");
    KeyTab kt2 = KeyTab.getInstance(file);
    if (kt2.isMissing()) {
        throw new Exception("FILE:ktab cannot be loaded");
    }
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab)

Aggregations

KeyTab (sun.security.krb5.internal.ktab.KeyTab): 10
PrincipalName (sun.security.krb5.PrincipalName): 9
KrbException (sun.security.krb5.KrbException): 3
GSSException (org.ietf.jgss.GSSException): 2
EncryptionKey (sun.security.krb5.EncryptionKey): 2
RealmException (sun.security.krb5.RealmException): 2
File (java.io.File): 1
FileOutputStream (java.io.FileOutputStream): 1
IOException (java.io.IOException): 1
Field (java.lang.reflect.Field): 1
PrivilegedActionException (java.security.PrivilegedActionException): 1
HashSet (java.util.HashSet): 1
KerberosKey (javax.security.auth.kerberos.KerberosKey): 1
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal): 1
KerberosTicket (javax.security.auth.kerberos.KerberosTicket): 1
ServiceCreds (sun.security.jgss.krb5.ServiceCreds): 1
EncryptedData (sun.security.krb5.EncryptedData): 1
Realm (sun.security.krb5.Realm): 1
EncTicketPart (sun.security.krb5.internal.EncTicketPart): 1
Ticket (sun.security.krb5.internal.Ticket): 1