In this blog post I'll show you how to use username/password authentication with a Talend ESB web service (based on CXF) running inside a Karaf runtime: first with a UsernameToken inside the SOAP header, and second by using Basic authentication.
This blog focuses on technical solutions around security and application integration tasks
13 March 2017
06 February 2017
Kerberos Debugging in Java
Working with Kerberos can easily cause a lot of trouble. Troubleshooting can take several hours.
In this post I'll show you what helps most when using Kerberos with Java, for example to secure a Hadoop cluster.
When Kerberos is not working as expected, it is important to understand why. Kerberos debug logging is a very valuable resource for understanding what is happening.
To enable Kerberos debugging, set the following JVM property:
-Dsun.security.krb5.debug=true
Now read your log file very carefully. This will help you to understand what is missing.
Usually you will define your Kerberos configuration within your C:\Windows\krb5.ini or /etc/krb5.conf file. Make sure that your hostname mapping to your Kerberos realm is correct in here.
There are also a few other JVM properties that are usually not required, but can be useful to override/define your configuration at application startup:
-Djava.security.krb5.kdc=hostname.of-your.kerberos.server
-Djava.security.krb5.realm=YOUR.KERBEROS.REALM
-Djava.security.auth.login.config=file:/C:/Programme/Tomcat-IDP/conf/kerberos.jaas
Kerberos is very sensitive to DNS configuration.
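To check the hostname-to-realm mapping mentioned above without starting the application, here is a small added example (not code from the original post) that reads the [domain_realm] section of a krb5.conf and reports which rule decides the realm for a host. The sample configuration, host names and realms are constructed placeholders, and the lookup order (exact host first, then each parent domain with and without a leading dot) and the default_realm fallback are assumptions modeled on common library behaviour.

```python
# Added example. SAMPLE_KRB5_CONF is constructed; all hosts and realms are placeholders.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
    # a single host that lives in a different realm than its DNS domain
    hadoop-edge.example.com = HADOOP.EXAMPLE.COM
"""

def parse_flat_sections(text):
    """Return {section: {key: value}} for top-level 'key = value' lines; '{ }' blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current, depth = sections.setdefault(line[1:-1].strip(), {}), 0
        elif line.endswith("{"):                 # start of a nested block, e.g. a realm
            depth += 1
        elif line == "}":
            depth -= 1
        elif current is not None and depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def realm_for_host(conf_text, hostname):
    """Return (realm, matched_rule); matched_rule is None when only default_realm applied (assumed fallback)."""
    sections = parse_flat_sections(conf_text)
    rules = {k.lower(): v for k, v in sections.get("domain_realm", {}).items()}
    host = hostname.lower().rstrip(".")
    # Assumed lookup order: exact host, then each parent as ".suffix" and "suffix".
    candidates = [host]
    for i, ch in enumerate(host):
        if ch == ".":
            candidates += [host[i:], host[i + 1:]]
    for name in candidates:
        if name in rules:
            return rules[name], name
    return sections.get("libdefaults", {}).get("default_realm"), None
```

A matched_rule of None means no [domain_realm] entry covers the host, which is worth comparing against the realm shown in the debug log for the failing request.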
Here are some more shell commands that are very helpful to test if Kerberos is working in general (outside of your Java application):
# Log in with a specific keytab file
kinit -k -t /path/to/your/keytab
# List all locally available tokens. After kinit there should be at least your TGT token.
klist
# Request a ticket for a specific service. Check if the service is registered correctly at your Kerberos server.
kvno service/hostname@domain
https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kvno.html