/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @param args boolean if the program should succeed
*/
throws Exception {
// Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
// R1 is trusted by R2, and R2 trusted by R3.
"forwardable=true",
"[capaths]",
"R1 = {",
" R2 = .",
" R3 = R2",
"}",
"[domain_realm]",
".r3.local=R3"
);
// Defines the client and server on R1 and R3 respectively.
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n};\n" +
"com.sun.security.jgss.krb5.accept {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" principal=\"host/host.r3.local@R3\"\n" +
" useKeyTab=true\n" +
" keyTab=localkdc.ktab\n" +
" isInitiator=false\n" +
" storeKey=true;\n};\n" +
"\n").getBytes());
"OkAsDelegateXRealm");
// Test twice. The frist time the whole cross realm process is tried,
// the second time the cached service ticket is used. This is to make sure
// the behaviors are the same, especailly for the case when one of the
// cross-realm TGTs does not have OK-AS-DELEGATE on.
for (int i=0; i<2; i++) {
c.x().requestDelegPolicy(true);
boolean succeed = true;
try {
s.x().getDelegCred();
} catch (GSSException gsse) {
succeed = false;
}
throw new Exception("Test fail at round #" + i);
}
}
}
throws IOException, UnsupportedCallbackException {
if (callback instanceof NameCallback) {
}
if (callback instanceof PasswordCallback) {
}
}
}
}