6

I'm aware I can call out to Active Directory and do queries provided I have a cleartext username and password. (I don't want to do that)

In VB, I can set authorisation levels by NT group - and the user doesn't have to enter their password nor, store it in a text file. (My understanding is that this has access to the Windows AD ticket).

How can I get the kerberos ticket from the user's logged in session in windows? (without asking for a username and password).

This appears to get there: Java and Kerberos authentication krb5.conf versus System.setProperty But doesn't get the ticket.

(It is beginning to sound like I'll have to call the Win32 API with JNA to get the kerberos ticket - I'm hoping there is a simpler way.)

Community
  • 1
  • 1
hawkeye
  • 34,745
  • 30
  • 150
  • 304
  • what are you trying to do with the ticket itself? Is it an option to generate tickets as needed using keytabs? – Moe Matar Jul 17 '11 at 05:00
  • This is the first part of a series of questions. I'd like to pass the ticket to AD to get more info. – hawkeye Jul 18 '11 at 23:42

1 Answers1

2

You should start with this one. It will guide your through the steps to obtain a service ticket for a specific server. Beware that the client machine and account have to part of the domain.

Michael-O
  • 18,123
  • 6
  • 55
  • 121
  • Any chance of updating the link? – hawkeye Dec 09 '20 at 12:50
  • 2
    @hawkeye Java 8: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/index.html Java 11: https://docs.oracle.com/en/java/javase/11/security/introduction-jaas-and-java-gss-api-tutorials1.html Java 17: https://docs.oracle.com/en/java/javase/17/security/introduction-jaas-and-java-gss-api-tutorials1.html – kevinarpe Nov 23 '21 at 10:15