I am implementing a CAS server on a Windows 2008R2 machine. Everything is running perfect, however only when I place my keytab file in C:. My login.conf looks like this at the moment:
jcifs.spnego.initiate {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\spn-account.keytab";
};
jcifs.spnego.accept {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\spn-account.keytab";
I would like to change the location of the keytab file to my Tomcat directory. I've tried the following (including moving the keytab file itselft) and they both don't work:
jcifs.spnego.initiate {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Program%20Files\spn-account.keytab";
};
jcifs.spnego.accept {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Program%20Files\Tomcat\spn-account.keytab";
and
jcifs.spnego.initiate {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Progra~1\Tomcat\spn-account.keytab";
};
jcifs.spnego.accept {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Progra~1\Tomcat\spn-account.keytab";
Does anyone have a clue how I can change the keytab file location to my Tomcat directory?
Try using java-style paths for the keyTab. Use forward slashes instead of backslashes; if you have to use backslashes, they need to be double-double-escaped (four backslashes any time you want one), so they can be read into Properties and then have URIs created from them.