You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jmeter.apache.org by "Masters,Louis" <Lo...@fhlbny.com> on 2014/06/02 14:50:08 UTC

Kerberos/client 4 not using specified username/pw

I'm trying to get Kerberos to work with the HTTP Authorization Manager.  It matches the URL correctly, but when I debug my app, I see it is using the currently logged in user instead of the username/password I specify in the manager.  There are no authentication errors in the log.

Details:
JDK 1.6.0_32
JMeter 2.11
HTTPClient 4


I tried setting the "http.authentication.preemptive$Boolean" to false and true, but that does not seem to work.

Thanks,
Lou



Confidentiality Notice: The information contained in this e-mail and any attachments (including, but not limited to, any attached e-mails) may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

RE: Kerberos/client 4 not using specified username/pw

Posted by "Masters,Louis" <Lo...@fhlbny.com>.

OK, I may have figured this out.  I changed the jass.conf file to:


JMeter {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=false
    useKeyTab=false
    storeKey=false;
};

And it looks like it is using the auth manager's users.

I'm doing more testing, but your response figured it out for me.

Thanks,
Lou


> -----Original Message-----
> From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
> Sent: Monday, June 02, 2014 10:44 AM
> To: JMeter Users List
> Subject: Re: Kerberos/client 4 not using specified username/pw
>
> Am 02.06.2014 14:50, schrieb Masters,Louis:
> > I'm trying to get Kerberos to work with the HTTP Authorization
> > Manager.  It matches the URL correctly, but when I debug my app, I
> see
> > it is using the currently logged in user instead of the
> > username/password I specify in the manager.  There are no
> > authentication errors in the log.
> >
> > Details:
> > JDK 1.6.0_32
> > JMeter 2.11
> > HTTPClient 4
>
> Have you configured the properties
>
> java.security.krb5.conf=krb5.conf
> java.security.auth.login.config=jaas.conf
>
> in your bin/system.properties file?
>
> What is your server sending? It has to send a header "WWW-Authenticate:
> Negotiate" with a status of 401.
>
> Regards
>   Felix
> >
> >
> > I tried setting the "http.authentication.preemptive$Boolean" to false
> > and true, but that does not seem to work.
> >
> > Thanks,
> > Lou
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org



Confidentiality Notice: The information contained in this e-mail and any attachments (including, but not limited to, any attached e-mails) may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

RE: Kerberos/client 4 not using specified username/pw

Posted by "Masters,Louis" <Lo...@fhlbny.com>.

I have the krb files config'd and my Kerberos seems to be working (it is logging in with the currently logged in user's ID.  My files are:

Jaas.conf:

JMeter {
    com.sun.security.auth.module.Krb5LoginModule required
    debug=true
    keytab="D:\Data\JMeter\config\krb\krb5.conf"
    doNotPrompt=true
    useKeyTab=false
    useTicketCache=true
    renewTGT=true
    storeKey=false
    storePass=false
    refreshKrb5Config=false
    useFirstPass=false
    tryFirstPass=false
    ;
};

[libdefaults]
        default_realm = MY-REALM
        default_keytab_name = FILE:c:/keytab/x.keytab
        default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc
        default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc

[realms]
        MY-REALM = {
                kdc = servername.my-realm:88
                admin_server = serveradmin.my-realm:749
                default_domain = my-domain
        }

[domain_realm]
        .my-domain = domain
        other-domain = domain

[logging]
        kdc = FILE:/Data/JMeter/logs/krb5kdc.log
        admin_server = FILE:/Data/JMeter/logs/kadmin.log
        default = FILE:/Data/JMeter/logs/krb5lib.log


I'm seeing a negotiate with a 200 since it is using my desktop user's ID.  So, if I'm logged into my Windows desktop as DESKTOPUSER and I added several usernames (say test1, test2, test3) to the auth manager, I'm seeing (via my app logs) the DESKTOPUSER logging in and not the test virtual users.

Could it be the way I have Kerberos setup?

Thanks,
Lou



> -----Original Message-----
> From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
> Sent: Monday, June 02, 2014 10:44 AM
> To: JMeter Users List
> Subject: Re: Kerberos/client 4 not using specified username/pw
>
> Am 02.06.2014 14:50, schrieb Masters,Louis:
> > I'm trying to get Kerberos to work with the HTTP Authorization
> > Manager.  It matches the URL correctly, but when I debug my app, I
> see
> > it is using the currently logged in user instead of the
> > username/password I specify in the manager.  There are no
> > authentication errors in the log.
> >
> > Details:
> > JDK 1.6.0_32
> > JMeter 2.11
> > HTTPClient 4
>
> Have you configured the properties
>
> java.security.krb5.conf=krb5.conf
> java.security.auth.login.config=jaas.conf
>
> in your bin/system.properties file?
>
> What is your server sending? It has to send a header "WWW-Authenticate:
> Negotiate" with a status of 401.
>
> Regards
>   Felix
> >
> >
> > I tried setting the "http.authentication.preemptive$Boolean" to false
> > and true, but that does not seem to work.
> >
> > Thanks,
> > Lou
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org



Confidentiality Notice: The information contained in this e-mail and any attachments (including, but not limited to, any attached e-mails) may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

Re: Kerberos/client 4 not using specified username/pw

Posted by Felix Schumacher <fe...@internetallee.de>.

Am 02.06.2014 14:50, schrieb Masters,Louis:
> I'm trying to get Kerberos to work with the HTTP Authorization
> Manager.  It matches the URL correctly, but when I debug my app, I see
> it is using the currently logged in user instead of the
> username/password I specify in the manager.  There are no
> authentication errors in the log.
> 
> Details:
> JDK 1.6.0_32
> JMeter 2.11
> HTTPClient 4

Have you configured the properties

java.security.krb5.conf=krb5.conf
java.security.auth.login.config=jaas.conf

in your bin/system.properties file?

What is your server sending? It has to send a header "WWW-Authenticate: 
Negotiate" with a status of 401.

Regards
  Felix
> 
> 
> I tried setting the "http.authentication.preemptive$Boolean" to false
> and true, but that does not seem to work.
> 
> Thanks,
> Lou
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org