Open Arulanand opened 7 years ago
To make it work with Kerberos added the below code with authorization policy. This based on the cfx documentation - http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
case AuthSchemes.KERBEROS:
AsyncHTTPConduit kerberosConduit = (AsyncHTTPConduit) client.getConduit();
AuthorizationPolicy keberosPolicy = new AuthorizationPolicy();
keberosPolicy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
keberosPolicy.setAuthorization("WINRM4JClient");
keberosPolicy.setUserName(username);
keberosPolicy.setPassword(password);
kerberosConduit.setAuthorization(keberosPolicy);
if (disableCertificateChecks) {
TLSClientParameters tlsClientParameters = disableCertificates();
kerberosConduit.setTlsClientParameters(tlsClientParameters);
}
if (hostnameVerifier != null) {
TLSClientParameters tlsClientParameters = disableHostName();
kerberosConduit.setTlsClientParameters(tlsClientParameters);
}
HTTPClientPolicy kerberosPolicy = new HTTPClientPolicy();
kerberosPolicy.setAllowChunking(false);
kerberosPolicy.setReceiveTimeout(receiveTimeout);
kerberosConduit.setClient(kerberosPolicy);
kerberosConduit.getClient().setAutoRedirect(true);
break;
//End of Case statement.
JAAS.CONF
WINRM4JClient{
com.sun.security.auth.module.Krb5LoginModule required
client=TRUE
useTicketCache=true;
};
Hi @Arulanand , It would be benefitial for everyone using winrm4j if you contribute your code to master branch. What do you think, would you like to make a PR. I am happy to help doing that.
Hi @Arulanand
I'm observing the same 'Authorization loop' error while running winrm4j with Kerberos authentication. I am able to connect successfully using Basic authorization + allowUnencrypted=true on both client/server.
Can you please elaborate on the changes you made to your code + winrm settings on client/server ? Did you update the case statement in the winrm4j code & rebuild it for your application ?
@bostko I'm also facing the exact same issue that @Arulanand saw with Kerberos authentication working when system property -Djavax.security.auth.useSubjectCredsOnly=false is enabled and fails, otherwise. Are the changes suggested by @Arulanand planned to be included in the next release? I'm using v0.5.0. @Arulanand Can you please share that updated class/code which has the change that you have mentioned in the above comment? Just want to reuse tried and tested code. :)
Is there any plan to update this library for Kerberos? I did the changes as suggested by Arulanand and apparently did not work and seeing same authorization loop error as posted by others. It would be nice to have the updated library if the changes as suggested above are working.
I am trying to use winrm4j to execute commands as a part of larger service with kerberos authentication. I am getting below error when i run the program from Linux Server with the below command. java -jar -Djava.security.auth.login.config=login.conf play.jar
login.conf
Client Code
If run the same jar with system property -Djavax.security.auth.useSubjectCredsOnly=false enabled it prompts for user id and password. If i enter the program completes successfully. The way i am going to use winrm4j in the larger service this is not possible. Can you please share any pointers for the execution of command without prompting for user id and password.