Differences

This shows you the differences between two versions of the page.

--- 72:configure_jaas_jgss [2018/07/06 18:19] – [Configure JAAS and JGSS Support on the Stages Server] bkkr
+++ 72:configure_jaas_jgss [2020/03/04 11:40] – [Configure JAAS and JGSS Support on the Stages Server] twn
@@ Line 5: / Line 5: @@
 === Java Authentication and Authorization Service (JAAS) ===
-JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/jaas.conf” and replace the example values according to your network configuration:
+JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file <font inherit/Courier New,Courier,monospace;;inherit;;inherit>''conf/jaas.conf''</font> and replace the example values according to your network configuration:
 <code>
@@ Line 11: / Line 11: @@
   com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
-    keyTab=""
+    keyTab="//**PATH_TO_KEYTAB_FILE**// "
     storeKey=true
     realm="<KERBEROS-REALM>"
     debug="false"
-    principal="HTTP/<fqnd>@<KERBEROS-REALM>
+    principal="HTTP/<fqnd>@<KERBEROS-REALM>";
-}
+};
 </code>
-^ Argument     ^ Description     ^
+^Argument  ^Description  |
+|<key-tab file>|The full path to the keytab file is linked [[:72:enable_support|here]].|
+|<KERBEROS-REALM>|The Active Directory Kerberos realm. By default this is the domain name of your Active Directory in capital letters.|
+|<fqdn>|The full quantified DNS domain name of the Stages Server.|
+Example:<code>
+de.methodpark.pkit.auth.SpnegoAuthenticator {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="c:/Program Files/MethodPark/Stages/krb5.keytab"
+ storeKey=true
+ realm="PKITBUILD.ER.METHODPARK.DE"
+ debug="false"
+ principal="HTTP/pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE";
+};
+</code>
 === Java Generic Security Services (JGSS) ===
-JGSS is another Java Standard API, which has to be configured with your network information. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/krb5.conf” and replace the example values according to your network configuration:
+JGSS is another Java Standard API, which has to be configured with your network information. Please edit the provided example file <font inherit/Courier New,Courier,monospace;;inherit;;inherit>''/conf/krb5.conf''</font> and replace the example values according to your network configuration:
 <code>
@@ Line 38: / Line 56: @@
 .<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 <ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 </code>
+^Argument  ^Description  |
+|<KERBEROS-REALM>|The Active Directory Kerberos realm. By default this is the domain name of your Active Directory in capital letters.|
+|<ad-server-fqdn>|The full qualified DNS name of the Active Directory server.|
+|<ad-dns-domain>|The DNS domain which belongs to the Active Directory.|
+Example:<code>
+[libdefaults]
+default_realm = PKITBUILD.ER.METHODPARK.DE
+default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+forwardable = true
+[realms]
+PKITBUILD.ER.METHODPARK.DE = {
+kdc = projectkit.pkitbuild.er.methodpark.de:88
+}
+[domain_realm]
+.pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
+pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
+</code>
+=== AES-256 encryption ===
+To use AES-256 encryption add  aes256-cts  to the list of  default_tkt_enctypes  and  default_tgs_enctypes .
+=== Configuration Test ===
+To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below:
+  * Open a command prompt and change to the <stages> directory.
+  * Type ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>bin\testAutoLogin.bat</font>''  (on Windows) or <font inherit/Courier New,Courier,monospace;;inherit;;inherit>''bin/testAutoLogin.sh''</font> (on Unix) and hit enter.
+  * Watch the command prompt for output messages.
+===   ===
+\\