Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for Windows domain controllers. Thanks in advance, Dan

+1  A: 

You need to either write your own or use a third-party authentication module for that. When I was doing this, there was nothing available from the JDK, so I used this tool. Note that it's GPL, but you can learn from there. You will have to create a conf. file describing your authentication module and feed it into your JVM with the java.security.auth.login.config property (e.g. using -D, or either way). In the case of Tagish it looks something like this:

    NTLogin {
        com.tagish.auth.win32.NTSystemLogin required
            returnNames=true
            returnSIDs=false
            defaultDomain="domain";
    };

Another thing you will need is to specify the Kerberos configuration file via the java.security.krb5.conf property. I don't have the details of this file handy, but you can easily find it on the net -- google for krb5.conf. Settings in this file will have to match your Windows domain and other Windows-specific settings.

It's a bit tricky to configure, but for me it worked very well, pretty robust.

Dima
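
The JAAS flow described in the answer above, as an added example that is not part of the original answer: it swaps the Tagish module for the JDK's bundled com.sun.security.auth.module.Krb5LoginModule and supplies the login configuration in code instead of a file. It assumes the JVM is started with -Djava.security.krb5.conf pointing at a krb5.conf that matches your domain; the class name KerberosCheck and the entry name "KrbCheck" are made up for the example.

```java
import java.util.Locale;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class KerberosCheck {   // hypothetical class name

    /** Returns true only if a KDC for the realm issues a TGT for user/password. */
    public static boolean authenticate(String user, char[] password, String realm) {
        // In-memory equivalent of a JAAS login configuration file entry.
        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, String> opts = Map.of(
                    "useTicketCache", "false",  // never reuse the calling account's cached ticket
                    "storeKey", "false",        // do not keep the derived key in the Subject
                    "doNotPrompt", "false");    // credentials come from the CallbackHandler
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        // Assumption: the realm is the upper-cased domain name, as is conventional for AD.
        String principal = user + "@" + realm.toUpperCase(Locale.ROOT);
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(principal);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            LoginContext lc = new LoginContext("KrbCheck", null, handler, conf);
            lc.login();   // AS exchange with the KDC named in krb5.conf
            lc.logout();  // discard the ticket; only the outcome is needed
            return true;
        } catch (LoginException e) {
            // Wrong password, unknown principal, clock skew, unreachable KDC, ...
            // Log e.getMessage() server-side; show callers only the boolean.
            return false;
        } finally {
            java.util.Arrays.fill(password, '\0');  // wipe the caller's copy
        }
    }
}
```

A successful AS exchange shows only that whichever KDC answered accepted the password. If the network path to the KDC is not trusted, also request a service ticket for a principal whose key the application holds in a keytab and validate it.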
A: 

There's a free implementation of a Windows-only JAAS login module and of an SSO Negotiate (Kerberos/NTLM) authenticator: Waffle.

dblock