/**
 * Creates a Kerberos authentication helper for the given principal, backed by a keytab file.
 *
 * <p>Both arguments are rejected when null. The keytab path must exist and be readable when
 * the constructor runs; otherwise the argument check fails with a message naming the path.
 *
 * <p>NOTE(review): only existence and readability are verified here. The keytab's owner and
 * permission bits are not inspected, and the file can still change between this check and the
 * moment it is actually read, so these checks catch misconfiguration early rather than
 * guarantee anything about the file that is later used.
 *
 * @param principal the Kerberos principal name to authenticate as
 * @param keytabLocation file system path of the keytab holding the principal's keys
 */
public KerberosAuthentication(String principal, String keytabLocation) {
    requireNonNull(principal, "principal is null");
    requireNonNull(keytabLocation, "keytabLocation is null");

    // Validate the keytab up front so a bad path surfaces at construction time.
    final Path keytab = Paths.get(keytabLocation);
    checkArgument(exists(keytab), "keytab does not exist: " + keytabLocation);
    checkArgument(isReadable(keytab), "keytab is not readable: " + keytabLocation);

    this.principal = createKerberosPrincipal(principal);
    // The configuration is keyed on the name reported by the created principal object,
    // not on the raw string the caller supplied.
    this.configuration = createConfiguration(this.principal.getName(), keytabLocation);
}
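/**
 * Finds the ticket-granting ticket (TGT) among the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm. A ticket whose
 * server principal is {@code krbtgt/OTHER@REALM} does not match.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // such a ticket cannot be the TGT, and dereferencing it would throw.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Only principal names are logged; the ticket object itself is a credential.
            log.debug("Found TGT with client principal '{}' and server principal '{}'.",
                    ticket.getClient().getName(), server.getName());
            return ticket;
        }
    }
    return null;
}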
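/**
 * Finds the ticket-granting ticket (TGT) among the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Only the principal names are written to the log, never the ticket itself.
            LOG.debug("Client principal is \"" + ticket.getClient().getName() + "\".");
            LOG.debug("Server principal is \"" + server.getName() + "\".");
            return ticket;
        }
    }
    return null;
}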
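/**
 * Finds the ticket-granting ticket (TGT) among the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Log the principals only. The JDK's KerberosTicket.toString() output includes the
            // encoded ticket and the session key, so concatenating the ticket into a log
            // message would copy live credential material into the debug log.
            LOG.debug("Found tgt for client principal \"" + ticket.getClient()
                    + "\" and server principal \"" + server + "\".");
            return ticket;
        }
    }
    return null;
}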
/**
 * Tells whether a principal names the ticket-granting server (TGS) of its own realm.
 *
 * <p>The TGS must have a server principal of the form "krbtgt/FOO@FOO": the check compares
 * the full name with {@code krbtgt/<realm>@<realm>} built from the principal's own realm,
 * so a name such as "krbtgt/BAR@FOO" does not match.
 *
 * @param principal the principal to test; may be {@code null}
 * @return {@code true} when the name has the TGS form, {@code false} otherwise (including
 *         for a {@code null} principal)
 */
private static boolean isTicketGrantingServerPrincipal(KerberosPrincipal principal) {
    return principal != null
            && principal.getName().equals(
                    "krbtgt/" + principal.getRealm() + "@" + principal.getRealm());
}
}
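/**
 * Finds the ticket-granting ticket (TGT) among a subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @param subject the subject whose private Kerberos tickets are inspected
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            return ticket;
        }
    }
    return null;
}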
/**
 * Tells whether a principal names the ticket-granting server (TGS) of its own realm.
 *
 * <p>The TGS must have a server principal of the form "krbtgt/FOO@FOO": the full name is
 * compared with {@code krbtgt/<realm>@<realm>} built from the principal's own realm, so a
 * name such as "krbtgt/BAR@FOO" does not match. A match is reported at trace level, and
 * only the principal name is logged.
 *
 * @param principal the principal to check
 * @return true if the principal is the TGS, false otherwise
 */
private boolean isTGSPrincipal(final KerberosPrincipal principal) {
    if (principal == null) {
        return false;
    }
    final String expectedName = "krbtgt/" + principal.getRealm() + "@" + principal.getRealm();
    final boolean isTgs = principal.getName().equals(expectedName);
    if (isTgs && LOGGER.isTraceEnabled()) {
        LOGGER.trace("Found TGT principal: " + principal.getName());
    }
    return isTgs;
}
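/**
 * Finds the ticket-granting ticket (TGT) among the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Only the principal names are written to the log, never the ticket itself.
            LOG.debug("Client principal is \"" + ticket.getClient().getName() + "\".");
            LOG.debug("Server principal is \"" + server.getName() + "\".");
            return ticket;
        }
    }
    return null;
}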
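/**
 * Finds the ticket-granting ticket (TGT) among a subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @param subject the subject whose private Kerberos tickets are inspected
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    // The set is a local reference; assigning null to it before returning released nothing,
    // so those dead stores are gone.
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            return ticket;
        }
    }
    return null;
}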
/**
 * Tells whether a principal names the ticket-granting server (TGS) of its own realm.
 *
 * <p>The TGS must have a server principal of the form "krbtgt/FOO@FOO": the full name is
 * compared with {@code krbtgt/<realm>@<realm>} built from the principal's own realm, so a
 * name such as "krbtgt/BAR@FOO" does not match.
 *
 * @param principal the principal to test; may be {@code null}
 * @return {@code true} when the name has the TGS form, {@code false} otherwise (including
 *         for a {@code null} principal)
 */
static boolean isTGSPrincipal(KerberosPrincipal principal) {
    if (principal == null) {
        return false;
    }
    final String realm = principal.getRealm();
    final String expectedName = "krbtgt/" + realm + "@" + realm;
    return expectedName.equals(principal.getName());
}
/**
 * Prunes the subject's private credentials until the first Kerberos ticket left in
 * iteration order is a ticket-granting ticket.
 *
 * <p>Walking the credential set under its own monitor, every {@link KerberosTicket} met
 * before a TGT is dropped from the set: tickets that are destroyed (or report no server
 * principal) are only removed, other non-TGT tickets are removed and destroyed.
 * Credentials of other types are left alone. The walk stops at the first ticket accepted
 * as a TGT; if none is found a warning is logged.
 *
 * <p>NOTE(review): a ticket is accepted as a TGT when its server name merely starts with
 * "krbtgt". That is looser than an exact {@code krbtgt/REALM@REALM} comparison: it also
 * accepts names such as {@code krbtgt/OTHER@REALM} and any other name with that prefix.
 * Confirm this is the intended acceptance rule.
 */
@VisibleForTesting
void fixKerberosTicketOrder() {
    final Set<Object> privateCredentials = getSubject().getPrivateCredentials();
    synchronized (privateCredentials) {
        final Iterator<Object> it = privateCredentials.iterator();
        while (it.hasNext()) {
            final Object candidate = it.next();
            if (!(candidate instanceof KerberosTicket)) {
                continue;
            }
            final KerberosTicket ticket = (KerberosTicket) candidate;

            if (ticket.isDestroyed() || ticket.getServer() == null) {
                LOG.warn("Ticket is already destroyed, remove it.");
                it.remove();
                continue;
            }

            if (ticket.getServer().getName().startsWith("krbtgt")) {
                // The first surviving ticket is a TGT: nothing more to fix.
                return;
            }

            LOG.warn(
                "The first kerberos ticket is not TGT"
                    + "(the server principal is {}), remove and destroy it.",
                ticket.getServer());
            it.remove();
            try {
                ticket.destroy();
            } catch (DestroyFailedException e) {
                // Best effort: the ticket is already out of the set, so only report it.
                LOG.warn("destroy ticket failed", e);
            }
        }
    }
    LOG.warn("Warning, no kerberos ticket found while attempting to renew ticket");
}
KerberosPrincipal.KRB_NT_SRV_HST).getName();
// Build a GSS-API name from the principal's full name, typed as a user name (NT_USER_NAME).
// NOTE(review): manager, principal and KERBEROS_V5 are declared outside this snippet;
// KERBEROS_V5 is presumably the Kerberos V5 mechanism OID and principal presumably a
// KerberosPrincipal, whose getName() includes the realm. Confirm against the declarations.
GSSName name = manager.createName(principal.getName(), GSSName.NT_USER_NAME, KERBEROS_V5);
/**
 * Returns the "Kerberos principal" for the user (as specified in Section 2.1 of RFC 1964)
 * if they logged in via Kerberos, or null if Kerberos was not used.
 *
 * <p>The lookup is delegated to {@code getUniquePrincipal}; when it yields no
 * {@link KerberosPrincipal} this method returns null, otherwise the principal's name.
 *
 * @param subject the subject to inspect
 * @return the Kerberos principal name, or null when the subject has no Kerberos principal
 * @throws IllegalArgumentException if the subject contains multiple KerberosPrincipal.
 */
public static String getKerberosName(Subject subject) throws IllegalArgumentException {
    final KerberosPrincipal kerberosPrincipal =
            getUniquePrincipal(subject, KerberosPrincipal.class);
    if (kerberosPrincipal == null) {
        return null;
    }
    return kerberosPrincipal.getName();
}
/**
 * Creates a Kerberos authentication helper for the given principal, backed by a keytab file.
 *
 * <p>Both arguments are rejected when null. The keytab path must exist and be readable when
 * the constructor runs; otherwise the argument check fails with a message naming the path.
 *
 * <p>NOTE(review): only existence and readability are verified here. The keytab's owner and
 * permission bits are not inspected, and the file can still change between this check and the
 * moment it is actually read, so these checks catch misconfiguration early rather than
 * guarantee anything about the file that is later used.
 *
 * @param principal the Kerberos principal name to authenticate as
 * @param keytabLocation file system path of the keytab holding the principal's keys
 */
public KerberosAuthentication(String principal, String keytabLocation) {
    requireNonNull(principal, "principal is null");
    requireNonNull(keytabLocation, "keytabLocation is null");

    // Validate the keytab up front so a bad path surfaces at construction time.
    final Path keytab = Paths.get(keytabLocation);
    checkArgument(exists(keytab), "keytab does not exist: " + keytabLocation);
    checkArgument(isReadable(keytab), "keytab is not readable: " + keytabLocation);

    this.principal = createKerberosPrincipal(principal);
    // The configuration is keyed on the name reported by the created principal object,
    // not on the raw string the caller supplied.
    this.configuration = createConfiguration(this.principal.getName(), keytabLocation);
}
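/**
 * Finds the ticket-granting ticket (TGT) among the private credentials of the login
 * context's subject.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm. A ticket whose
 * server principal is {@code krbtgt/OTHER@REALM} does not match.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private KerberosTicket getTGT() {
    Set<KerberosTicket> tickets =
            loginContext.getSubject().getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // such a ticket cannot be the TGT, and dereferencing it would throw.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Only principal names are logged; the ticket object itself is a credential.
            log.debug("Found TGT with client principal '{}' and server principal '{}'.",
                    ticket.getClient().getName(), server.getName());
            return ticket;
        }
    }
    return null;
}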
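/**
 * Finds the ticket-granting ticket (TGT) among the private credentials of the login
 * context's subject.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm. A ticket whose
 * server principal is {@code krbtgt/OTHER@REALM} does not match.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private KerberosTicket getTGT() {
    Set<KerberosTicket> tickets =
            loginContext.getSubject().getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // such a ticket cannot be the TGT, and dereferencing it would throw.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Only principal names are logged; the ticket object itself is a credential.
            log.debug("Found TGT with client principal '{}' and server principal '{}'.",
                    ticket.getClient().getName(), server.getName());
            return ticket;
        }
    }
    return null;
}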
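/**
 * Finds the ticket-granting ticket (TGT) among the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            // Log the principals only. The JDK's KerberosTicket.toString() output includes the
            // encoded ticket and the session key, so concatenating the ticket into a log
            // message would copy live credential material into the debug log.
            LOG.debug("Found tgt for client principal \"" + ticket.getClient()
                    + "\" and server principal \"" + server + "\".");
            return ticket;
        }
    }
    return null;
}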
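/**
 * Finds the ticket-granting ticket (TGT) among a subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @param subject the subject whose private Kerberos tickets are inspected
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    // The set is a local reference; assigning null to it before returning released nothing,
    // so those dead stores are gone.
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            return ticket;
        }
    }
    return null;
}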
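/**
 * Finds the ticket-granting ticket (TGT) among a subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM}, where REALM is that principal's own realm.
 *
 * @param subject the subject whose private Kerberos tickets are inspected
 * @return the first matching ticket, or {@code null} when the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // getServer() can return null (for example once the ticket has been destroyed);
            // skip it instead of failing with a NullPointerException.
            continue;
        }
        String realm = server.getRealm();
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            return ticket;
        }
    }
    return null;
}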