How can I manually test SPI kerberos for tomcat SSO

I am trying to debug my spring-security-kerberos web application that runs on tomcat6 on Centos5.5 and have the service principal in a keytab that I created in Windows 2008 AD. I would like to check the keys outside of tomcat to help isolate the problem (Spring does not find the keys).

I can list the keys using the program ktutil and see how you enter the table, but you can't check if it really works.

+3
1 answer

I looked through old questions and stumbled upon this one. So, you have already specified the keys with ktutil. To ensure that the principal inside the Kerberos key table file really works, you can run this command: kinit -k -t <key table file name> <SPN>.

For example, if you have the SPN HTTP/somehost.mydomain.com and the key table file name is myfilename.keytab, your command would be:

kinit -k -t myfilename.keytab HTTP/somehost.mydomain.com

This is a simple Kerberos test completely outside of Tomcat (which meets your requirement) and checks if DNS, AD, krb5.conf and keytab are configured correctly (including the principal inside).

+2
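The kinit check from the answer above, wrapped as a shell function. This is an added example and not part of the original answer; the function name `check_keytab` and its return codes are made up for illustration, and it assumes the MIT Kerberos client tools (kinit, klist, kdestroy). It lists the keytab entries first and uses a throwaway credential cache so the test does not replace a ticket you already hold.

```shell
#!/bin/sh
# Added example: verify a service keytab outside Tomcat.
# Usage: check_keytab myfilename.keytab HTTP/somehost.mydomain.com
# Return codes (chosen for this example, not a Kerberos convention):
#   0 = ticket obtained, 1 = kinit failed,
#   2 = keytab missing or unreadable, 3 = Kerberos client tools not installed
check_keytab() {
    keytab=$1
    spn=$2

    if [ ! -r "$keytab" ]; then
        echo "keytab not readable: $keytab" >&2
        return 2
    fi
    if ! command -v kinit >/dev/null 2>&1 || ! command -v klist >/dev/null 2>&1; then
        echo "kinit/klist not found in PATH" >&2
        return 3
    fi

    # Show principals, key version numbers (KVNO) and encryption types in the
    # keytab, so a misspelled SPN or unexpected enctype is visible up front.
    klist -k -t -e "$keytab"

    # Throwaway credential cache: the default cache of the current user
    # is left untouched by the test.
    ccache=$(mktemp "${TMPDIR:-/tmp}/krb5cc_keytabtest.XXXXXX") || return 1

    # The actual test: request a TGT for the SPN using only the keytab.
    if kinit -k -t "$keytab" -c "FILE:$ccache" "$spn"; then
        klist -c "FILE:$ccache"      # print the ticket that was issued
        rc=0
    else
        echo "kinit failed for $spn using $keytab" >&2
        rc=1
    fi

    # Remove the test ticket again.
    kdestroy -c "FILE:$ccache" >/dev/null 2>&1
    rm -f "$ccache"
    return $rc
}
```

Run it as the account Tomcat runs under, so file permissions on the keytab are tested as well.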