commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Derek Visch <dvi...@leveldata.com>
Subject VFS - JSCH - Preferred Authentication - gssapi-with-mic
Date Thu, 10 Dec 2015 13:30:05 GMT
We updated to jre8 from jre6 a while back, and had an issue with the
Kerberos Login and Kerberos Password prompt, basically we're providing the
password for an SFTP site, but we get a Kerberos Login prompt which causes
the program to wait for user input (Hitting enter manually twice allows the
program to run properly)

We are using commons-vfs2-2.0 and jsch .1.53

After some digging I found
http://stackoverflow.com/questions/10881981/sftp-connection-through-java-asking-for-weird-authentication
and
https://bz.apache.org/bugzilla/show_bug.cgi?id=53437

But I didn't find anything that talked about VFS2 at all so I thought I'd
at least post this here to help the next poor person who runs into this
problem, and also ask if this has already been fixed, or if maybe I"m just
doing something wrong.

Note that the default preferred authentication options for JSCH are
"gssapi-with-mic,publickey,keyboard-interactive,password"


local = VFS.getManager().toFileObject(new File(args.local_file))
FileSystemOptions opts = new FileSystemOptions();
SftpFileSystemConfigBuilder.getInstance().setPreferredAuthentications(opts,
"publickey,keyboard-interactive,password"); //Needed this in order to fix a
Kerberos Login / Password issue with the upgrade from jre6 to jre8
remote = VFS.getManager().resolveFile(buildFtpUrl(args), opts);

The code above works, what we had before was
local = VFS.getManager().toFileObject(new File(args.local_file))
remote = VFS.getManager().resolveFile(buildFtpUrl(args),  new
FileSystemOptions());

Is there something else I could do here to not have to override the default
authentication options, I'd think that if we provided a username and
password we would skip the Kerberos authentication piece.

Thanks
 - Derek

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message