Re: failure notice

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: failure notice

adam.hardy
Posting about this issue on Stackoverflow:

http://stackoverflow.com/questions/43984609/java-client-and-kerberos-sso-krb5loginmodule-not-re-using-tickets

> I have successfully set up jmeter to make requests to a server authenticating
> with kerberos, but I see that jmeter is re-authenticating with every request.
> In the server access logs, I see two requests to the server for every attempt,
> the first requests results in a 401 status response, and then jmeter replies
> properly and the server generates a 200 status response with the expected content.
> I'd like to set it up so that jmeter only needs to do the handshaking
> negotiation and trip to the kerberos KDC once rather than with every call.
> Is that possible? I hope it's just a case of configuring it in my krb5.conf
> file, but my searches didn't come up with anything.
> Here's my krb5.conf file:
>> JMeter {
>>      com.sun.security.auth.module.Krb5LoginModule required
>>      doNotPrompt=false
>>      useKeyTab=false
>>      storeKey=true
>>      debug=false;
>> };
>> Thanks
>> Adam
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: failure notice

glinius@live.com
This post has NOT been accepted by the mailing list yet.
 1. I don't think you need the quotation marks around paths and this `FILE:` bit is not required as well, like:
 
   
ticketCache=/path/to/your/krb.cache
 
 2. Why you are using both ticket cache and keytabs, one should be enough (unless you need to test fallback scenario)
 3. What operating system you are using?

I recall solving the problem with something like:

<quote>
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    debug=true
    doNotPrompt=true
    useTicketCache=true        
};

And setting the following registry key (Windows 7)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01  ( default is 0 )
References:

 
JSch And Kerberos Authentication

JGSS Troubleshooting

Windows Authentication with Apache JMeter