RE: certRealm in login.conf login module class is never loaded

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Wed, 1 Jun 2011 06:48:21 -0400

//assuming domains/domain1/config/login.conf looks something like
Login {
   com.sun.security.auth.module.UnixLoginModule required;
   com.sun.security.auth.module.Krb5LoginModule optional
                   useTicketCache="true"
                   ticketCache="${user.home}${/}tickets";
};

if UnixLoginModule success or fail Krb5LoginModules class is called so
comment out the second entry and determine the cause of failure for first entry in login.conf
things to look at:
Parameters are incorrect?
UnixLoginModule is not available to CL?

Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d�ni et de confidentialit�

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut �tre privil�gi�. Si vous n'�tes pas le destinataire pr�vu, nous te demandons avec bont� que pour satisfaire informez l'exp�diteur. N'importe quelle diffusion non autoris�e ou la copie de ceci est interdite. Ce message sert � l'information seulement et n'aura pas n'importe quel effet l�galement obligatoire. �tant donn� que les email peuvent facilement �tre sujets � la manipulation, nous ne pouvons accepter aucune responsabilit� pour le contenu fourni.

> Subject: Re: certRealm in login.conf login module class is never loaded
> From: v.b.kumar.jayanti_at_oracle.com
> Date: Wed, 1 Jun 2011 15:36:49 +0530
> To: users_at_glassfish.java.net
>
> Are you following this : http://weblogs.java.net/blog/kumarjayanti/archive/2010/03/25/custom-authentication-client-certificate-mutual-ssl-scenarios-g
>
> On 01-Jun-2011, at 6:23 AM, forums_at_java.net wrote:
>
> > I have followed what little instructions exist for configuring client cert
> > authentication, but the class specified in the login.conf is never loaded.
> > I have tried with 2.1 and 3.1 with no difference. I have defined a static
> > initializer in the class, so that is how I know it is not being loaded.
> > Every time I hit the protected URL, the server responds with a 400. If I
> > remove the protection in the web.xml, the file retrieves just fine, but when
> > I set CLIENT_CERT again, wham, 400, with NO exceptions of any kind. I have
> > set FINEST on the logging, and nothing shows up about the login module class,
> > but it does show that the CertificateRealm loads succesfully, but there is
> > not any indication that it is loading the login module specified by its
> > jass-context property thru the login.conf.
> >
> > If anyone has made this work, please tell me HOW.
> >
> >
> > --
> >
> > [Message sent by forum member 'geturnerlmco']
> >
> > View Post: http://forums.java.net/node/808034
> >
> >
>