Kerberos Java Client: Adding Multi user support

I've written two blog posts on connecting to Kerberos clients using the JCraft library using Java.
In those posts, I've only allowed single user support by using a static login configuration file ( jaas.conf).

To allow multi user support, you have to provide the login configurations for Java programmatically, instead of setting it as a environment variable.
To do this we need to have a configuration object with the relevant settings that were in the login.conf file. We have to create that object extending the class.

Here's an example java class.

public class JaaSConfiguration   extends {
    private Map BASIC_JAAS_OPTIONS =
            new HashMap();

            new HashMap();

    private String ticketCache;

    // provide the ticket location in the constructor
    public JaaSConfiguration(String ticketCache) {
        this.ticketCache = ticketCache;
        System.out.println("TicketCache: "+ticketCache);

    private void init()
        USER_KERBEROS_OPTIONS.put("useDefaultCache", "true");
        USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
        USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
        USER_KERBEROS_OPTIONS.put("debug", "true");
        USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
        USER_KERBEROS_OPTIONS.put("renewTGT", "true");


    private AppConfigurationEntry USER_KERBEROS_LOGIN =
            new AppConfigurationEntry("",

    private AppConfigurationEntry[] SIMPLE_CONF =
            new AppConfigurationEntry[]{USER_KERBEROS_LOGIN};

    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return SIMPLE_CONF;


Now that you have the extended class, you have to specify before you start the session, where to look for the login configurations ( instead of setting it as a system variable) JaaSConfiguration(ticketCache));

notice that, in the constructor, you have to provide the ticket location of each user.

After that you are good to go.


Popular Posts