When the application server authenticatates service #1, is is successful. However, when the application server authenticates service #2, using different
KDC/realm/principal, the Kerberos configuration would need to be refreshed. Hence you would need to configure the Krb5LoginModule to refresh the Kerberos
configuration, using the option "refreshKrb5config=true".
However, even after refreshing the Kerberos configuration, application
server failed to authenitcate service #2. Upon further investigation,
it appears that the KDC and Kerberos realm were all refreshed, however,
the 2nd keytab is not loaded. This is because the keytab class still has
the old entries from the 1st keytab.
The KeyTab class is designed to be a singleton. This can be only one
instance of the Keytab. We need to refresh the keytab instance, when
the Kerberos configuration is refreshed.
11-08-04 [Seema malkani]
Have fixed Kerberos Login Module to allow to authenticate
to services with different KDCs.
xxxxx@xxxxx 2004-11-08 20:26:14 GMT
xxxxx@xxxxx 2004-11-08 20:27:28 GMT