Monday, 1 January 2018

How to use SSO with your JAVA application?

Some weeks ago I received an interesting task - use passwordless access to the database. I have to use the Kerberos ticket from the LSA cache and pass it to the database on Windows 7. It looks easy, or...?

You have to run regedit and add the following value to your registry (it lets the LSA hand the TGT session key to applications, which the Java Kerberos login module needs in order to reuse the cached ticket):

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01

Then you have to create a JAAS config file (jaas.cfg) with the following content:

    com.sun.security.jgss.krb5.initiate {
        com.sun.security.auth.module.Krb5LoginModule
        required
        useTicketCache=true
        doNotPrompt=false
    };

Where to put this config?

  • The JRE looks for a default jaas.conf in “file:${user.home}/.java.login.config”
  • You can add configuration files to java.security located in “lib/security” in the JRE base directory like so: “login.config.url.1=file:C:/somewhere/.java.login.config”
  • Or you can specify the jaas configuration on the command line with: 
    • “-Djava.security.auth.login.config=path_to_file”

Then you have to do one very important thing - you have to run your application as a local admin. Without this, it definitely does not work. If you have other experience with SSO / Java on Windows, let me know in the discussion below. And of course, you have to change the JDBC connection string to be "Kerberos ready". For example, for Teradata it is LOGMECH=KRB5.
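To show how the pieces above fit together in the application itself, here is an added example (it is not code from the original post): it logs in through the `com.sun.security.jgss.krb5.initiate` entry of the jaas.cfg shown earlier, checks that a Kerberos ticket really arrived from the LSA cache before touching the database, and then opens the JDBC connection inside `Subject.doAs` so the driver's GSS layer can find the credentials. The JDBC URL, database name, host and the `SELECT USER` query are assumptions for illustration; the Teradata driver must be on the classpath.

```java
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosJdbcDemo {
    // Name of the JAAS entry defined in jaas.cfg (see the post).
    private static final String JAAS_ENTRY = "com.sun.security.jgss.krb5.initiate";

    // Assumed JDBC URL: host and DATABASE are placeholders; LOGMECH=KRB5 is the
    // Teradata form mentioned in the post. Adjust for your driver.
    private static final String JDBC_URL =
        "jdbc:teradata://db.example.internal/LOGMECH=KRB5,DATABASE=sales";

    // Assumed query that returns the name of the session user (Teradata syntax).
    private static final String WHOAMI_SQL = "SELECT USER";

    /** Log in via JAAS and fail fast if no ticket came out of the LSA cache. */
    static LoginContext loginFromLsaCache() throws LoginException {
        // Fall back to ./jaas.cfg if no -Djava.security.auth.login.config was given.
        if (System.getProperty("java.security.auth.login.config") == null) {
            System.setProperty("java.security.auth.login.config", "jaas.cfg");
        }
        LoginContext lc = new LoginContext(JAAS_ENTRY);
        lc.login(); // useTicketCache=true: read the TGT from the Windows LSA cache

        Subject subject = lc.getSubject();
        if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
            // Typical causes: allowtgtsessionkey not set, or not running as local admin.
            lc.logout();
            throw new LoginException("JAAS login succeeded but no Kerberos ticket "
                + "was obtained from the LSA cache; check the registry setting");
        }
        return lc;
    }

    /** Open the JDBC connection as the logged-in Subject and return the DB user. */
    static String sessionUser(Subject subject) throws Exception {
        return Subject.doAs(subject, (PrivilegedExceptionAction<String>) () -> {
            try (Connection c = DriverManager.getConnection(JDBC_URL);
                 Statement st = c.createStatement();
                 ResultSet rs = st.executeQuery(WHOAMI_SQL)) {
                return rs.next() ? rs.getString(1) : "(no row)";
            }
        });
    }

    public static void main(String[] args) throws Exception {
        LoginContext lc = loginFromLsaCache();
        try {
            System.out.println("JAAS principals: " + lc.getSubject().getPrincipals());
            System.out.println("Database session user: " + sessionUser(lc.getSubject()));
        } finally {
            lc.logout();
        }
    }
}
```

Two things worth knowing when this does not work on the first try: by default the JDK sets `javax.security.auth.useSubjectCredsOnly=true`, so the driver's GSS code only finds the ticket if the connection is opened inside `Subject.doAs` as above; with `-Djavax.security.auth.useSubjectCredsOnly=false` the JGSS layer instead performs its own login through the `com.sun.security.jgss.krb5.initiate` entry, which is why the config uses exactly that entry name. And `-Dsun.security.krb5.debug=true` prints what the login module actually read from the cache, which is the quickest way to tell a missing registry value from a missing ticket.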

P.S. Very nice documentation is here: http://cr.openjdk.java.net/~weijun/special/krb5winguide-2/raw_files/new/kwin