I am using Java GSS-API with Kerberos for secure authentication. I implemented sample Server and sample Client programs, and the Client is able to successfully authenticate and get the service from the Server. For these sample programs I passed the KDC address through a Java System Property (java.security.krb5.kdc). Now the problem is that I want to connect to two different KDC Servers from a single Client program to access multiple services. Through the system property we can pass only one KDC Server address. How can I connect to multiple KDC Servers from a single Client program?
You can specify multiple domain entries and corresponding KDCs using a KRB5 config file:
[libdefaults]
default_realm = A1.LOCAL
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
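# Each realm names its own KDC
[realms]
A1.LOCAL = {
    kdc = ADA1.A1.LOCAL
}
B1.LOCAL = {
    kdc = ADB1.B1.LOCAL
}
# Map DNS domains (and their subdomains) to the realm that serves them
[domain_realm]
a1.local = A1.LOCAL
.a1.local = A1.LOCAL
b1.local = B1.LOCAL
.b1.local = B1.LOCAL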
Instead of setting each property separately, provide this file as a configuration to your program. This can be done using System.setProperty("java.security.krb5.conf", krb5ConfigFilePath);
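
An added example, not part of the original answer: a Java client that loads the krb5.conf above and logs in to each realm separately, then builds the first GSS token for a service in each. The principals alice@A1.LOCAL and alice@B1.LOCAL, the HTTP@app.* service names, and the assumption that the two realms have no cross-realm trust (hence one login per realm) are illustrative.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import org.ietf.jgss.*;

public class TwoRealmClient {
    // Log in to one realm; the KDC is found via the [realms] section of krb5.conf.
    static Subject login(String principal, char[] password) throws LoginException {
        Configuration jaas = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Map.of("principal", principal, "refreshKrb5Config", "true")) };
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("client", null, handler, jaas);
        lc.login();
        return lc.getSubject();
    }

    // Build the first GSS token for a host-based service using the Subject's TGT.
    // [domain_realm] decides which realm the service host belongs to.
    static byte[] firstToken(Subject subject, String service) throws Exception {
        return Subject.doAs(subject, (PrivilegedExceptionAction<byte[]>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
            GSSName peer = mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = mgr.createContext(peer, krb5, null, GSSContext.DEFAULT_LIFETIME);
            ctx.requestMutualAuth(true); // make the server prove its identity too
            return ctx.initSecContext(new byte[0], 0, 0);
        });
    }

    // args[0] is the krb5.conf path; principals and services below are constructed.
    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf", args[0]);
        Subject a = login("alice@A1.LOCAL", System.console().readPassword("A1 password: "));
        Subject b = login("alice@B1.LOCAL", System.console().readPassword("B1 password: "));
        System.out.println(firstToken(a, "HTTP@app.a1.local").length + " token bytes for A1");
        System.out.println(firstToken(b, "HTTP@app.b1.local").length + " token bytes for B1");
    }
}
```

Recent JDKs skip the DES entries in the enctype lists (and, from JDK 17, 3DES and RC4 as well) unless allow_weak_crypto = true is set in [libdefaults], so with the file above expect AES to be negotiated.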