How to change the location of the keytab file in Jasig CAS under Tomcat under Windows Server

Question

I am implementing a CAS server on a Windows 2008R2 machine. Everything is running perfect, however only when I place my keytab file in C:. My login.conf looks like this at the moment:

jcifs.spnego.initiate {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\spn-account.keytab";
};
jcifs.spnego.accept {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\spn-account.keytab";

I would like to change the location of the keytab file to my Tomcat directory. I've tried the following (including moving the keytab file itselft) and they both don't work:

jcifs.spnego.initiate {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Program%20Files\spn-account.keytab";
};
jcifs.spnego.accept {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Program%20Files\Tomcat\spn-account.keytab";

and

jcifs.spnego.initiate {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Progra~1\Tomcat\spn-account.keytab";
};
jcifs.spnego.accept {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:\Progra~1\Tomcat\spn-account.keytab";

Does anyone have a clue how I can change the keytab file location to my Tomcat directory?

Answer 1

Try using java-style paths for the keyTab. Use forward slashes instead of backslashes; if you have to use backslashes, they need to be double-double-escaped (four backslashes any time you want one), so they can be read into Properties and then have URIs created from them.