I'm writing an application that needs to take logins in the form of DOMAIN\user, but then turn around and authenticate to a Kerberos service. I use a JAAS LoginContext using the Krb5LoginModule for that which seems to expect the user names in user@KERBEROS.REALM format. Is there a way to get that mapping programmatically or from a config file? Alternatively, is there a way to get JAAS to accept "Windows-style" user names?
问问题
1250 次
1 回答
1
Domain\user是 Windows 2000 之前的版本。您应该真正坚持使用 UPN 样式的登录。Kerberos 5 模块仅接受 Kerberos UPN。您是否可以让客户端直接发送 kerberos 票证?
你这个答案作为一个起点。搜索 nETBIOSName,您将找到 dnsRoot 属性。把那个大写,你就有了你的 Kerberos 领域。请注意,这些属性在 GC 中不可用,而仅在正常模式下可用,因此您可能需要遵循引用。
于 2012-09-26T18:32:44.957 回答