My configuration is:
login.config:
------
nexj-kerberos-silent {
com.ibm.security.auth.module.Krb5LoginModule required
useDefaultCcache=true debug=true;
};
------
krb5.conf:
------
[libdefaults]
default_realm = NEXJSYSTEMS.LOCAL
default_tkt_enctypes = des-cbc-md5 rc4-hmac
default_tgs_enctypes = des-cbc-md5 rc4-hmac
[realms]
NEXJSYSTEMS.LOCAL = {
kdc = nexj-prd-1.nexjsystems.local
}
EXCHANGE-TEST2.LOCAL = {
kdc = yossi2.exchange-test2.local
}
[domain_realm]
.exchange-test2.local = EXCHANGE-TEST2.LOCAL
.nexjsystems.local = NEXJSYSTEMS.LOCAL
-------
One thing in the debug log looks strange:
-------
[JGSS_DBG_CRED] Done retrieving Kerberos creds from cache
[KRB_DBG_KDC] Credentials:main:Client Name:Administrator
...
[JGSS_DBG_CRED] Admini...@NEXJSYSTEMS.LOCAL added to Subject
-------
The user running the process is indeed Administrator, but it is
Admini...@EXCHANGE-TEST2.LOCAL. It seems like Krb5LoginModule adds
the wrong user to the subject, and JGSS fails to find a TGT for it later.
Did anyone try silent Kerberos authentication against a non-default
realm?
Any help will be appreciated.
Thank you,
Joseph