0 Replies Latest reply on Nov 2, 2006 6:32 AM by ramesh4u

    NTLM Handshake(NegotiateKerberos)

    ramesh4u

      I have a Windows network (a Samba domain controller, which in turn uses the flat file system for its datastore). I wanted my J2EE web application to authenticate using NegotiateKerberos, so I followed the http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos link to set up the test application. But I suppose
      the NTLM handshake is not happening, so I think there is some problem in my configuration settings. Basically, the handle method inside "AdvancedWebCallbackHandler.java" is not getting called.
      When I start JBoss I see the following log, which suggests the CallbackHandler is configured properly, but it is not getting called.

      DEBUG [ServiceConfigurator] CallbackHandlerClassName set to org.jboss.web.tomcat.security.AdvancedWebCallbackHandler in jboss.security:service=JaasSecurityManager



      Can someone please suggest what may be the problem? I am pasting all the configuration settings below.

      My configuration setup is as follows:

      Windows network domain name is LK
      Samba domain controller IP is 192.168.1.7



      /conf/jboss-service.xml

      <!-- JAAS security manager and realm mapping -->

      <mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager">
        <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
        <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
        <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
        <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
        in seconds.
        If you want to disable caching of security credentials, set this to 0 to
        force authentication to occur every time. This has no effect if the
        AuthenticationCacheJndiName has been changed from the default value.
        -->
        <attribute name="DefaultCacheTimeout">1800</attribute>
        <!-- DefaultCacheResolution: Specifies the default timed cache policy
        resolution in seconds. This controls the interval at which the cache
        current timestamp is updated and should be less than the DefaultCacheTimeout
        in order for the timeout to be meaningful. This has no effect if the
        AuthenticationCacheJndiName has been changed from the default value.
        -->
        <attribute name="DefaultCacheResolution">60</attribute>
      </mbean>


      /conf/login-config.xml

      <!-- SPNEGO test -->
      <application-policy name = "SPNEGO">

      <login-module code="org.jboss.security.auth.NegotiateLoginModule" flag = "required">
      <module-option name="loadBalance">false</module-option>
      <module-option name="domainController">192.168.1.7</module-option>
      <module-option name="defaultDomain">LK</module-option>
      </login-module>

      </application-policy>

      /WEB-INF/web.xml

      <login-config>
      <auth-method>Negotiate</auth-method>
      <realm-name>SPNEGO</realm-name>
      </login-config>
      <security-role>
      <role-name>LK</role-name>
      </security-role>


      WEB-INF/jboss-web.xml


      <jboss-web>
      <security-domain>java:/jaas/SPNEGO</security-domain>
      </jboss-web>

      WEB-INF/context.xml

      <Context>
        <Valve className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
      </Context>



      Thanks
      Ramesh S
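
The check below is an added example, not part of the original post: it parses a web.xml and reports whether any `<security-constraint>` would make the servlet container challenge a request, since a container runs the configured authenticator and JAAS login module only for URLs covered by a constraint. The `<web-app>` wrapper and the `/*` constraint are constructed, and it is an assumption that the fragment posted above is the descriptor's complete security section.

```python
import xml.etree.ElementTree as ET

# Constructed input: the web.xml fragment from the post inside a <web-app> root.
POSTED = """<web-app>
  <login-config>
    <auth-method>Negotiate</auth-method>
    <realm-name>SPNEGO</realm-name>
  </login-config>
  <security-role><role-name>LK</role-name></security-role>
</web-app>"""

# Constructed variant: a hypothetical constraint protecting /* for role LK.
CONSTRAINT = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>LK</role-name></auth-constraint>
  </security-constraint>"""
PROTECTED = POSTED.replace("<web-app>", CONSTRAINT, 1)

def _find(el, *names):
    """Follow a chain of child tag names, ignoring XML namespaces."""
    nodes = [el]
    for name in names:
        nodes = [c for n in nodes for c in n if c.tag.rsplit("}", 1)[-1] == name]
    return nodes

def check_web_xml(xml_text):
    """Return findings about whether the container will ever challenge a request."""
    root = ET.fromstring(xml_text)
    findings = []
    methods = [m.text.strip() for m in _find(root, "login-config", "auth-method") if m.text]
    if not methods:
        findings.append("no <login-config>/<auth-method>: no authenticator is selected")
    declared = {r.text.strip() for r in _find(root, "security-role", "role-name") if r.text}
    constraints = [c for c in _find(root, "security-constraint") if _find(c, "auth-constraint")]
    if not constraints:
        findings.append("no <security-constraint> with <auth-constraint>: "
                        "no URL requires authentication, so no login is triggered")
    for c in constraints:
        if not _find(c, "web-resource-collection", "url-pattern"):
            findings.append("<security-constraint> has no <url-pattern>")
        for r in _find(c, "auth-constraint", "role-name"):
            role = (r.text or "").strip()
            if role != "*" and role not in declared:
                findings.append(f"role {role!r} is not declared in <security-role>")
    return findings

if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("with constraint", PROTECTED)):
        print(label, "->", check_web_xml(doc) or "ok")
```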