Hello Mark,

Is this the correct discussion thread: https://www.mail-archive.com/users@tomcat.apache.org/msg132812.html

Thanks,
Vipul

-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Wednesday, September 18, 2019 7:07 PM
To: dev@tomcat.apache.org
Subject: Re: Tomcat 7.0.96 - Issue with Kerberos Authentication

This is a question for the users list. And a review of the recent archives for that list will find a similar question along with a solution.

Mark

On 18/09/2019 11:35, Mehta, Vipul wrote:
> In case of Kerberos authentication of user with tomcat webapp via
> browser, we are facing issue with following class in tomcat version 7.0.96:
>
> https://github.com/apache/tomcat/blob/7.0.x/java/org/apache/catalina/connector/Request.java
>
> public Principal getUserPrincipal()
>
> => return ((GenericPrincipal) userPrincipal).getUserPrincipal(); #LINE-2650
>
> This returns javax.security.auth.kerberos.KerberosPrincipal instance
> using which it is not possible to get the actual delegated credential.
>
> Shouldn't it simply return GenericPrincipal instance which contains
> KerberosPrincipal as well as delegated GSSCredential?
>
> We are using following realm config in server.xml:
>
> <Realm allRolesMode="authOnly" appName="Tomcat"
>        className="org.apache.catalina.realm.JAASRealm"
>        roleClassNames="org.apache.catalina.realm.GenericPrincipal"
>        stripRealmForGss="false" useContextClassLoader="false"
>        userClassNames="org.apache.catalina.realm.GenericPrincipal,
>        javax.security.auth.kerberos.KerberosPrincipal"/>
>
> Thanks,
>
> Vipul

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org