Java process determining executing user's NT groups

I'm aware I can call out to Active Directory and do queries provided I have a cleartext username and password. (I don't want to do that)

In VB, I can set authorisation levels by NT group - and the user doesn't have to enter their password nor, store it in a text file. (My understanding is that this has 开发者_如何学运维access to the Windows AD ticket).

I also know I can shell out to the command line and parse the output - to get the users groups - this is problematic.

How can I replicate getting the executing user's NT groups without a password in Java?

(It is beginning to sound like I'll have to call the Win32 API with JNA to get the kerberos ticket - I'm hoping there is a simpler way.)

You should split up your question in two because you're mixing authentication with authorization. Kerberos works very pleasently with Java on Windows with some caveats due to MS. Having said that use the Kerberos ticket with the provided principal to authenticate against AD and retrieve the user's memberOf values to see in which groups the user is in.