My computer(Windows, JDK7 update 21 x64), such as mybox.domain2.company.com, is connected to a domain of my company. I can access a site in three different urls:
http://mysite.domain1.company.com
or
http://XXX.XXX.XXX.XXX(ip format)
or
http://mysitealias
via negotiate authentication in IE, Firefox, etc. Here domain1.company.com and domain2.company.com are two domains in my company. This site is placed in IIS 7, and its authentication is "Negotiate".
After googling and configuring kerberos, I can use URLConnection in java to access
http://mysite.domain1.company.com
. However, I can use IP or host alias in browsers to do that, but not in Java. Can anyone achievie direct IP access or host alias access?
krb5.conf:
[libdefaults]
default_realm = DOMAIN2.COMPANY.COM
default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[domain_realm]
.domain1.company.com = DOMAIN1.COMPANY.COM
.domain2.company.com = DOMAIN2.COMPANY.COM
login.conf:
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required;
};
(Please note all host names are just given out for example.)
Kerberos is not designed to work on IP addresses. Stick to hostnames only.