2

Can you please help me on below questions -

  • Does below jars supports the Kerberos authentication while performing the SFTP operations through jsch library? jsch-0.1.51.jar jsch-0.1.49.jar

  • is Kerberos authentication by default supported by library or do we need to take care to enable the Kerberos authentication? how we can do this?

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Hrushi
  • 163
  • 1
  • 10

1 Answers1

1

Yes, JSch supports Kerberos.

And, yes it's enabled by default (what actually sometimes causes problems to those, who do not want to use Kerberos).

Kerberos was supported even back in 0.1.49. But you should always use the latest version of JSch (0.1.55 as of now). It's security software after all!

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
  • So, if I didnt set the value for "PreferredAuthentications" like below, it would by default supports Keberose? session.setConfig( "PreferredAuthentications", "publickey,keyboard-interactive,password,gssapi-with-mic"); If I didnt set the value for "PreferredAuthentications", What would be the default values for this property? – Hrushi Jan 04 '19 at 10:44
  • 1
    The default in 0.1.55 (at least since 0.1.33) is `gssapi-with-mic,publickey,keyboard-interactive,password` – Martin Prikryl Jan 04 '19 at 10:48
  • Thanks Martin for your help. That means, if client perform some operation by using the jsch lib with default value of "PreferredAuthentications" and server does not have kerberos enabled, then it would neglect the gssapi-with-mic straight forward and move to next authentication method. Please correct me if my understanding is incorrect. But if server also have Kerberos enabled, then prompt would be there to enter the credentials. – Hrushi Jan 04 '19 at 11:23
  • If server has Kerberos enabled, then we need to provide the credentials on prompt. Can we handle this programmatically, so that user should not get prompt while executing the sftp operaton through jsch lib? – Hrushi Jan 04 '19 at 12:30
  • 1
    Of course. But that’s well beyond your current question. I believe that this question has been answered already. – Martin Prikryl Jan 04 '19 at 13:54
  • Thank you so much Martin for your help. I am raising another ticket. – Hrushi Jan 07 '19 at 07:47