I learned about the xp thing - and what to do about it - this link shows
the 2 registry locations, one of which you need to set, depending on
windows version -
The JVM we are using is actually a thing called IKVM - it is a .Net
wrapper around jar files. We are using it to be able to use jt400
functions in .Net apps - pretty cool. Trouble is, that the stuff to
retrieve Kerberos tickets was never coded in IKVM - the developer just
this May said that no one is asking and that it is really a lot of work
So IKVM is a sort-of JVM, what I called a wrapper-over-Java below.
IBM partner support sent me some sample code for connecting with jt400,
using Kerberos authentication, and they included the somersaults they
had to use to make it work!! Once I had set that registry value, things
worked fine - in jt400, all you need to do is create the AS400 object
using only the IP address or host name - no user or password - it'll try
to use Kerberos, and if you are logged into a Windows domain, it just
When running the same methods in the IKVM, it fails, saying it could not
retrieve the ticket - something like that. But if I run the Kinit method
in Sun's JVM, which puts the ticket into a credential cache file, it works.
What I have found, with a lot of help from IBM partner support, is that
there is a set of LSA* APIs in Windows that can get this stuff - had to
be, right? The OpenJDK project has its source available and includes
calls to these APIs. Trouble is, there is all this Java JNI stuff around
it - so I also got the MIT KfW (Kerberos for Windows) code, and that
also has everything - and that will be easier to adapt.
I'm hoping that there is a higher-level something .Net-ish, and I have a
ticket in with Microsloth, but I don't hold out much hope - the last
thing the tech said was I should be using SSPI - duh!! I don't think so.
But might have a call with an SME tomorrow.
So things look promising - of course, any one in this list who has
worked with the LSA* stuff, their knowledge and help will be appreciated
On 8/21/2011 5:51 PM, Thorbjoern Ravn Andersen wrote:
Den 03/08/11 22.07, Vern Hamberg skrev:
Yeah, agreed, but I'm not retrieving a password - not at all - in fact,
What JVM are you using and is there any Windows tweaks? The Sun JVM has
I have no interest even in the windows user name.
What I do want is to get the Kerberos ticket-granting-ticket in some
form that this wrapper-over-java can use to authenticate to the iSeries.
had trouble getting the TGT under Windows since an XP service pack. (and
I'd really like it to work)
As an Amazon Associate we earn from qualifying purchases.