1

We do have java code to perform the sftp operation through JSch lib. By default JSch lib has below order of authentication modes for sftp operation. gssapi-with-mic,publickey,keyboard-interactive,password

If Kerberos is disable on server, then it would move to next authentication mode while performing the sftp command. But if Kerberos is enabled on server, then server would be prompted for credentials while performing sftp operation.

So How we can pro-grammatically pass the credentials to Kerberos prompts (if Kerberos enabled on server).

Thanks, Hrushi

Hrushi
  • 163
  • 1
  • 10
  • This is not really a JSch question, but rather a pure Kerberos question. I believe you are looking for this: [HttpClient set credentials for Kerberos authentication](https://stackoverflow.com/q/21629132/850848). – Martin Prikryl Jan 07 '19 at 10:36
  • Thanks you so much Martin for your help. First I need to create the Kerberos environment to test this. Will do this. – Hrushi Jan 07 '19 at 12:16
  • On Windows, with proper JAAS configuration, the JVM should be able to access the current AD session credentials in the Windows LSA cache automatically _(may require some reconfig on Win Server since LSA is hidden from non-system apps by default)_. On Linux, the JVM will access the default cache (if set to `file` type; other types such as `keyring` may not work) that is typically set with a `kinit` command. – Samson Scharfrichter Jan 09 '19 at 14:28
  • It is also possible to define a custom JAAS config that enables a prompt for password -- but that requires an override of JVM "system security policy" via a system prop on the Java command-line, pointing to a custom conf file. Requires also that client-side `krb5.conf` is found and valid, and that the Kerberos principal _(i.e. the full login name)_ is either hard-coded in JAAS config or induced correctly from the current user name. – Samson Scharfrichter Jan 09 '19 at 14:35
  • Good luck, all that is badly documented and a nightmare to set up and debug (config & auth errors are not displayed by default, JAAS silently reverts to silly settings that produce useless error messages in the end...) – Samson Scharfrichter Jan 09 '19 at 14:36

0 Answers0