The jave kerberos code needs a krb5.conf file, usually called krb5.ini when on
Windows. The KDCs must be listed in the file. You can copy the unix version
of krb5.conf to krb5.ini. Note that Java does not use DNS to lookup the KDCs,
so the KDCs must be listed in the krb5.ini.

http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/KerberosReq.html


Windows has its own built in Kerberos, and is used if you login to AD.
In that case the MIT Identity manager is not needed.

Java can look at the Windows cache in the LSA, or at a ticket cache
created by MIT Identity manager, if its in a file. Look at the
options->Kerberos5->Credential Cache and add on if needed.
See:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
Look at the ticketcache option to point at the MIT identity provider ticket cache.

The identity manager store its tickets in a seperate ticket cache then Windows,
and i an not sure if the Java can access these. It can access the Windows
ticket cache. but now write into it today.


(You can also look at the runas /netonly /user:***@realm jxplorer.bat
which will use the LSA to get you a ticket. but windows needs to find the KDCs,
and it you are not using AD, but Kerberos, see the MS ksetup command and ho
to provide this.)


This may be all you need in the jxplorer.bat:

IF EXIST %windir%\krb5.ini set K5CONF=-Djava.security.krb5.conf=%windir%\krb5.ini
java %K5CONF% -Djxplorer.config=user.home -classpath
.;jars/jxplorer.jar;jars/help.jar;jars/jhall.jar;jars/junit.jar;jars/ldapsec.jar;jars/log4j.jar;jars/dsml/activation.jar;jars/dsml/commons-logging.jar;jars/dsml/dom4j.jar;jars/dsml/dsmlv2.jar;jars/dsml/mail.jar;jars/dsml/saaf-api.jar;jars/dsml/saaj-ri.jar
com.ca.directory.jxplorer.JXplorer
Main problem is Windows, MIT Kerberos, and Java each provide their
own implementation of all of Kerberos and GSS. The can share some of the
information on the client, but it takes some work to get it right.