When retrieving artifacts from a Maven repository that is protected by Kerberos authentication Gradle doesn’t seem to even try to perform Kerberos authentication if credentials aren’t specified (even though the credentials are ignored).
Also it seems like even when the kerberos authentication is attempted it doesn’t seem to work. I’ve built a simple java application using HttpClient (also a simpler application using the built in Java HttpUrlConnection) both seem to work with Kerberos with relatively no code as long as javax.security.auth.useSubjectCredsOnly is set to false.
I can’t seem to get Gradle to consistently work with Kerberos though.
You are correct that we will only attempt Kerberos authentication (or really, any authentication) when credentials are specified. This is primarily due to the HttpClient API, which requires you to set a Credentials object regardless of the authentication scheme. As you have already realized, in the case of Kerberos these credentials are simply ignored so can be set to anything. That said, we don’t really do anything special here beyond what you described, although we aren’t specifically setting the javax.security.auth.useSubjectCredsOnly system property. If you set that via the command line -D javax.security.auth.useSubjectCredsOnly=false you should get the same result.
Thank you so much for your response Mark, would it be possible to make credentials no longer required if Kerberos is being attempted, to provide for cleaner config files?
I feel kind of dumb now I had useSubjectCreds in my gradle.properties, but I accidentally set it as
We potentially want to improve this by allowing you to explicitly specify Kerberos (or NTLM) as an authentication scheme in the DSL (similarly to how you can with basic or digest). A prerequisite to this however involves adding test coverage for Kerberos which we currently don’t have.
I had useSubjectCreds in my gradle.properties, but I accidentally set it as