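/**
 * Builds an HTTP {@code Negotiate} authorization value from a fresh Kerberos V5
 * initial context token.
 *
 * <p>The GSS context and the initiator credential are disposed before returning, so
 * no sensitive material they hold outlives the call. The token is deliberately not
 * written to stdout: it is a credential for the target service and does not belong
 * in console output or logs.
 *
 * @return the string {@code "Negotiate "} followed by the base64-encoded token
 * @throws GSSException if the name, credential or context cannot be created, or the
 *         initial token cannot be produced
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // OID of the Kerberos V5 principal name type.
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    // OID of the Kerberos V5 GSS-API mechanism.
    final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2");

    final GSSName clientName = manager.createName(principal, krb5PrincipalOid);
    final GSSCredential clientCred =
        manager.createCredential(clientName, 8 * 3600, krb5MechOid, GSSCredential.INITIATE_ONLY);
    try {
        // NOTE(review): the target name is built from the same principal as the
        // client name — confirm that the service really runs as this principal.
        final GSSName serverName = manager.createName(principal, krb5PrincipalOid);
        final GSSContext context =
            manager.createContext(serverName, krb5MechOid, clientCred, GSSContext.DEFAULT_LIFETIME);
        try {
            context.requestMutualAuth(true);
            // No per-message encryption is requested; integrity protection is.
            context.requestConf(false);
            context.requestInteg(true);

            final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
            return "Negotiate " + Base64.getEncoder().encodeToString(outToken);
        } finally {
            // Release the context even when token generation fails.
            context.dispose();
        }
    } finally {
        // Drop the sensitive material held by the credential as soon as it is unused.
        clientCred.dispose();
    }
}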
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
if (current == QOP.AUTH_CONF) { saslGssapi.trace("Requesting confidentiality"); gssContext.requestConf(true); break;
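// Produce the first Kerberos context token for the service "http@server" on behalf
// of "clientUser" and print it base64-encoded.
GSSManager manager = GSSManager.getInstance();
GSSName clientName = manager.createName("clientUser", GSSName.NT_USER_NAME);
GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600,
        createKerberosOid(), GSSCredential.INITIATE_ONLY);
try {
    GSSName serverName = manager.createName("http@server", GSSName.NT_HOSTBASED_SERVICE);
    GSSContext context = manager.createContext(serverName, createKerberosOid(), clientCred,
            GSSContext.DEFAULT_LIFETIME);
    try {
        context.requestMutualAuth(true);
        // No per-message encryption is requested; integrity protection is.
        context.requestConf(false);
        context.requestInteg(true);

        byte[] outToken = context.initSecContext(new byte[0], 0, 0);
        // The printed token is a credential for the target service: keep this output
        // out of shared logs.
        // NOTE(review): if BASE64Encoder is sun.misc.BASE64Encoder, it is an internal
        // class that newer JDKs no longer ship; java.util.Base64 is the supported API.
        System.out.println(new BASE64Encoder().encode(outToken));
    } finally {
        // Release the context even when token generation fails.
        context.dispose();
    }
} finally {
    // Drop the sensitive material held by the credential as soon as it is unused.
    clientCred.dispose();
}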
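/**
 * Builds an HTTP {@code Negotiate} authorization value from a fresh Kerberos V5
 * initial context token.
 *
 * <p>The GSS context and the initiator credential are disposed before returning, so
 * no sensitive material they hold outlives the call. The token is deliberately not
 * written to stdout: it is a credential for the target service and does not belong
 * in console output or logs.
 *
 * @return the string {@code "Negotiate "} followed by the base64-encoded token with
 *         any newline characters removed
 * @throws GSSException if the name, credential or context cannot be created, or the
 *         initial token cannot be produced
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // OID of the Kerberos V5 principal name type.
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    // OID of the Kerberos V5 GSS-API mechanism.
    final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2");

    final GSSName clientName = manager.createName(principal, krb5PrincipalOid);
    final GSSCredential clientCred =
        manager.createCredential(clientName, 8 * 3600, krb5MechOid, GSSCredential.INITIATE_ONLY);
    try {
        // NOTE(review): the target name is built from the same principal as the
        // client name — confirm that the service really runs as this principal.
        final GSSName serverName = manager.createName(principal, krb5PrincipalOid);
        final GSSContext context =
            manager.createContext(serverName, krb5MechOid, clientCred, GSSContext.DEFAULT_LIFETIME);
        try {
            context.requestMutualAuth(true);
            // No per-message encryption is requested; integrity protection is.
            context.requestConf(false);
            context.requestInteg(true);

            final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
            // The encoder's line breaks are stripped so the value fits on one header line.
            return "Negotiate " + Base64.encodeBytes(outToken).replace("\n", "");
        } finally {
            // Release the context even when token generation fails.
            context.dispose();
        }
    } finally {
        // Drop the sensitive material held by the credential as soon as it is unused.
        clientCred.dispose();
    }
}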
/**
 * Builds an initiator-side (client) GSS context aimed at the given server.
 *
 * <p>The context is returned before any token has been exchanged. Mutual
 * authentication, confidentiality and integrity are only <em>requested</em> here;
 * after establishment the caller should check {@code getMutualAuthState()},
 * {@code getConfState()} and {@code getIntegState()} before relying on them.
 *
 * @param server the name of the host for which the GSS context is being created;
 *        it is parsed with the mechanism's default name syntax (null name type)
 * @return a context the client can use to exchange security tokens and then
 *         wrap()/unwrap() messages
 * @throws RuntimeException wrapping the {@link GSSException} if the name or the
 *         context cannot be created
 */
@Function
public static GSSContext createClientGSSContext(String server) {
    final GSSContext clientContext;
    try {
        final GSSManager gss = GSSManager.getInstance();
        final GSSName target = gss.createName(server, null);
        // A null credential makes the context act as the default initiator principal.
        clientContext = gss.createContext(target, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
        clientContext.requestMutualAuth(true); // the server must prove its identity too
        clientContext.requestConf(true);       // per-message encryption, used later
        clientContext.requestInteg(true);      // per-message integrity, used later
    } catch (GSSException failure) {
        throw new RuntimeException("Exception creating client GSSContext", failure);
    }
    return clientContext;
}
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
/**
 * Creates the security context and produces the first token of the exchange.
 *
 * <p>Mutual authentication is requested; per-message confidentiality and integrity
 * are explicitly not requested. On any failure {@code close()} is called before the
 * exception is rethrown.
 *
 * @throws Exception whatever context creation or token generation throws
 */
@Override
public final void start() throws Exception {
    try {
        context = createContext();
        context.requestMutualAuth(true);
        context.requestConf(false);
        context.requestInteg(false);
        // The initiator's first call takes an empty input token.
        token = context.initSecContext(new byte[0], 0, 0);
    } catch (Exception failure) {
        // Clean up whatever was set up so far, then let the caller see the failure.
        close();
        throw failure;
    }
}
GSSContext.DEFAULT_LIFETIME); context.requestMutualAuth(false); // Mutual authentication context.requestConf(false); // Will use confidentiality later context.requestInteg(true); // Will use integrity later
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
// NOTE(review): `result` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// These calls only *request* the options; once the context is established, check
// getConfState()/getIntegState() before relying on per-message protection.
result.requestConf(true);       // ask for per-message confidentiality
result.requestInteg(true);      // ask for per-message integrity
result.requestCredDeleg(false); // do not ask for the initiator's credentials to be delegated
// NOTE(review): `_context` looks like an org.ietf.jgss.GSSContext being configured — confirm.
_context.requestConf(true);      // ask for per-message confidentiality
_context.requestInteg(true);     // for MIC
// Delegation hands the initiator's credentials to the acceptor, which can then act
// as this user towards other services. NOTE(review): confirm every target of this
// context is trusted for that.
_context.requestCredDeleg(true);
/**
 * Sets up the initiator-side Kerberos GSS context for {@code service} on {@code host}.
 *
 * @param host host part of the target service name
 * @param service service part of the target service name
 * @param name client user name, or {@code null} to create the context without an
 *        explicit client credential
 * @param userLifetime lifetime passed to the client credential request
 * @param contextLifetime lifetime passed to the context request
 * @param realm Kerberos realm of the service, or {@code null} to use a host-based
 *        service name
 * @throws GSSException if a name, the credential or the context cannot be created
 */
Kerb5Context ( String host, String service, String name, int userLifetime, int contextLifetime, String realm ) throws GSSException {
    final GSSManager gss = GSSManager.getInstance();
    final Oid krb5Mech = JGSS_KRB5_MECH_OID;

    // With a realm the target is spelled service/host@realm; without one it is the
    // host-based form service@host.
    this.serviceName = realm == null
        ? gss.createName(service + "@" + host, GSSName.NT_HOSTBASED_SERVICE, krb5Mech)
        : gss.createName(service + "/" + host + "@" + realm, JGSS_KRB5_NAME_OID, krb5Mech);

    if ( log.isDebugEnabled() ) {
        log.debug("Service name is " + this.serviceName);
    }

    // Without an explicit client name the credential stays null, which makes the
    // context act as the default initiator principal.
    GSSCredential initiatorCreds = null;
    if ( name == null ) {
        this.clientName = null;
    }
    else {
        this.clientName = gss.createName(name, GSSName.NT_USER_NAME, krb5Mech);
        initiatorCreds = gss.createCredential(this.clientName, userLifetime, krb5Mech, GSSCredential.INITIATE_ONLY);
    }

    this.gssContext = gss.createContext(this.serviceName, krb5Mech, initiatorCreds, contextLifetime);

    // Optional services that are switched off for this context.
    this.gssContext.requestAnonymity(false);
    this.gssContext.requestSequenceDet(false);
    this.gssContext.requestConf(false);
    this.gssContext.requestInteg(false);
    this.gssContext.requestReplayDet(false);

    // per spec these should be set
    this.gssContext.requestMutualAuth(true);
    // NOTE(review): delegation is requested for every target; a service that receives
    // delegated credentials can act as the user elsewhere — confirm this is intended
    // for all hosts this context may be opened against.
    this.gssContext.requestCredDeleg(true);
}
/**
 * Sets up the initiator-side Kerberos GSS context for {@code service} on {@code host}.
 *
 * @param host host part of the target service name
 * @param service service part of the target service name
 * @param name client user name, or {@code null} to create the context without an
 *        explicit client credential
 * @param userLifetime lifetime passed to the client credential request
 * @param contextLifetime lifetime passed to the context request
 * @param realm Kerberos realm of the service, or {@code null} to use a host-based
 *        service name
 * @throws GSSException if a name, the credential or the context cannot be created
 */
Kerb5Context ( String host, String service, String name, int userLifetime, int contextLifetime, String realm ) throws GSSException {
    final GSSManager gss = GSSManager.getInstance();
    final Oid krb5Mech = JGSS_KRB5_MECH_OID;

    // With a realm the target is spelled service/host@realm; without one it is the
    // host-based form service@host.
    this.serviceName = realm == null
        ? gss.createName(service + "@" + host, GSSName.NT_HOSTBASED_SERVICE, krb5Mech)
        : gss.createName(service + "/" + host + "@" + realm, JGSS_KRB5_NAME_OID, krb5Mech);

    if ( log.isDebugEnabled() ) {
        log.debug("Service name is " + this.serviceName);
    }

    // Without an explicit client name the credential stays null, which makes the
    // context act as the default initiator principal.
    GSSCredential initiatorCreds = null;
    if ( name == null ) {
        this.clientName = null;
    }
    else {
        this.clientName = gss.createName(name, GSSName.NT_USER_NAME, krb5Mech);
        initiatorCreds = gss.createCredential(this.clientName, userLifetime, krb5Mech, GSSCredential.INITIATE_ONLY);
    }

    this.gssContext = gss.createContext(this.serviceName, krb5Mech, initiatorCreds, contextLifetime);

    // Optional services that are switched off for this context.
    this.gssContext.requestAnonymity(false);
    this.gssContext.requestSequenceDet(false);
    this.gssContext.requestConf(false);
    this.gssContext.requestInteg(false);
    this.gssContext.requestReplayDet(false);

    // per spec these should be set
    this.gssContext.requestMutualAuth(true);
    // NOTE(review): delegation is requested for every target; a service that receives
    // delegated credentials can act as the user elsewhere — confirm this is intended
    // for all hosts this context may be opened against.
    this.gssContext.requestCredDeleg(true);
}
// NOTE(review): `context` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// Each call is a request; verify the granted state (getConfState(), getMutualAuthState(),
// getReplayDetState()) once the context is established.
context.requestConf(true);       // ask for per-message confidentiality
context.requestMutualAuth(true); // ask that the peer authenticates itself as well
context.requestReplayDet(true);  // ask for replay detection on per-message tokens
/**
 * Creates a {@code Kerb5Context} for the given host and switches off every optional
 * service on its underlying GSS context.
 *
 * @param host the host the context is created for
 * @return the configured context wrapper
 * @throws GSSException if the context cannot be created or configured
 */
private Kerb5Context createContext(String host) throws GSSException{
    Kerb5Context created = new Kerb5Context(
        host,
        service,
        user,
        userLifetime,
        contextLifetime
    );

    // NOTE(review): mutual authentication, integrity and replay detection are all
    // turned off here, so the peer is not asked to prove its identity — confirm the
    // protocol using this context does not depend on any of them.
    created.getGSSContext().requestAnonymity(false);
    created.getGSSContext().requestSequenceDet(false);
    created.getGSSContext().requestMutualAuth(false);
    created.getGSSContext().requestConf(false);
    created.getGSSContext().requestInteg(false);
    created.getGSSContext().requestReplayDet(false);

    return created;
}
// NOTE(review): `context` looks like an org.ietf.jgss.GSSContext being configured — confirm.
// Both calls are requests; check getConfState()/getIntegState() after establishment
// before relying on per-message protection.
context.requestConf(true);  // ask for per-message confidentiality
context.requestInteg(true); // ask for per-message integrity