Re: Java HTTP client doesn't work with Heimdal ccache file

[Michael B Allen <mba2000@ioplex.com>]

On Fri, 1 Sep 2006 13:54:10 +0200
Love Hörnquist Åstrand <lha@kth.se> wrote:

> 
> 1 sep 2006 kl. 06.51 skrev Michael B Allen:
> 
> > I have a minimalistic HTTP client based on a stripped down XML-RPC
> > example on the SU.SE site (thanks Love). If I kinit using Java's
> > kinit it works. If I use Heimdal's kinit the Krb5LogonModule calls
> > Credential.getTGTFromCache which returns null resulting in the "null
> > credentials from Ticket Cache" message. I'm prompted for my user and
> > pass which if entered successfully gets a TGT and the HTTP request  
> > works.
> >
> > I haven't had a chance to check the binary differences between the two
> > credential files but is this a known problem? I haven't had any luck
> > googling an answer.
> 
> You should check that the enctype are those that java support on your  
> krbtgt,
> other then that, I've not heard about interop problems with the cred  
> cache.

I think you're right (of course). According to a Java forum post [1]
only Java 1.5 update 7 and above support RC4-HMAC. I was using 1.5 update
6. I have confirmed that 1.5 update 8 does in fact work (although it
was in a totally different enviroment w/o Heimdal).

Thanks,
Mike

[1] http://forum.java.sun.com/thread.jspa?threadID=755465

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/