Login/Register
Reload Kerberos config in JAVA without restarting JVM
Asked Answered
Solved javatomcatkerberosjaas
A

1

9

The following code is for authenticating to a windows AD server using Java+Kerberos and it works fine-

public class KerberosAuthenticator {
  public static void main(String[] args) {
    String jaasConfigFilePath = "/myDir/jaas.conf";

    System.setProperty("java.security.auth.login.config", jaasConfigFilePath);

    String krb5ConfigFilePath = "/etc/krb5/krb5.conf";
    System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);

    boolean success = auth.KerberosAuthenticator.authenticate("testprincipal", "testpass");

    System.out.println(success);
}
}

The above is a just a test program. The actual code will run in a tomcat webapp. The problem I am facing is, if the krb5.conf file changes, the same is not reflected in the tomcat, if a successful authentication has already happened once with the earlier version of krb5.conf. The new changes reflect only on restart of tomcat.

I want to know if there is a way to specify the JVM to reload the krb5.conf so that it gets the latest changes without restarting the JVM.

Algeria answered 17/9, 2009 at 7:43 Comment(3)
What is your variable auth ? It is undefined.Crimson
Well, this is just a snippet of the code. The "auth" refers to a package which has the "KerberosAuthenticator" class.Algeria
Thanks, I understand now! I was looking for a reusable snippet to do Kerberos login, but I guess I can't use this if KerberosAuthenticator is your custom code.Crimson
A
8

refreshKrb5Config=true should be set for the KRB5LoginModule in jaas.conf.

Algeria answered 17/9, 2009 at 7:53 Comment(1)
Thanks a lot ! You really saved my dayAshaashamed

© 2022 - 2024 — McMap. All rights reserved.