Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
72:configure_jaas_jgss [2018/11/29 11:30] – [Configure JAAS and JGSS Support on the Stages Server] evt72:configure_jaas_jgss [2020/03/04 11:39] – [Configure JAAS and JGSS Support on the Stages Server] twn
Line 10: Line 10:
 de.methodpark.pkit.auth.SpnegoAuthenticator { de.methodpark.pkit.auth.SpnegoAuthenticator {
   com.sun.security.auth.module.Krb5LoginModule required   com.sun.security.auth.module.Krb5LoginModule required
-    useKeyTab="true"+    useKeyTab=true
     keyTab="//**PATH_TO_KEYTAB_FILE**// "     keyTab="//**PATH_TO_KEYTAB_FILE**// "
-    storeKey="true"+    storeKey=true
     realm="<KERBEROS-REALM>"     realm="<KERBEROS-REALM>"
     debug="false"     debug="false"
-    principal="HTTP/<fqnd>@<KERBEROS-REALM>" +    principal="HTTP/<fqnd>@<KERBEROS-REALM>"; 
-}+}
 </code> </code>
  
Line 24: Line 25:
 |<fqdn>|The full quantified DNS domain name of the Stages Server.| |<fqdn>|The full quantified DNS domain name of the Stages Server.|
  
-Example:+Example:<code>
  
-<code> 
 de.methodpark.pkit.auth.SpnegoAuthenticator { de.methodpark.pkit.auth.SpnegoAuthenticator {
  com.sun.security.auth.module.Krb5LoginModule required  com.sun.security.auth.module.Krb5LoginModule required
Line 34: Line 34:
  realm="PKITBUILD.ER.METHODPARK.DE"  realm="PKITBUILD.ER.METHODPARK.DE"
  debug="false"  debug="false"
- principal="HTTP/pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE" + principal="HTTP/pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE"; 
-}+}
 </code> </code>
  
Line 55: Line 56:
 .<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE .<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 <ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE <ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 +
 </code> </code>
  
Line 62: Line 64:
 |<ad-dns-domain>|The DNS domain which belongs to the Active Directory.| |<ad-dns-domain>|The DNS domain which belongs to the Active Directory.|
  
-Example:+Example:<code>
  
-<code> 
 [libdefaults] [libdefaults]
 default_realm = PKITBUILD.ER.METHODPARK.DE default_realm = PKITBUILD.ER.METHODPARK.DE
Line 77: Line 78:
 .pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE .pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
 pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
 +
 </code> </code>
 +
 +=== AES-256 encryption ===
 +
 +===  To use AES-256 encryption add aes256-cts  to the list of  default_tkt_enctypes  and  default_tgs_enctypes.   ===
  
 === Configuration Test === === Configuration Test ===
Line 83: Line 89:
 To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below: To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below:
  
-  * Open a command prompt and change to the <PKIT_HOME> directory.+  * Open a command prompt and change to the <stages> directory.
   * Type ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>bin\testAutoLogin.bat</font>''  (on Windows) or <font inherit/Courier New,Courier,monospace;;inherit;;inherit>''bin/testAutoLogin.sh''</font> (on Unix) and hit enter.   * Type ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>bin\testAutoLogin.bat</font>''  (on Windows) or <font inherit/Courier New,Courier,monospace;;inherit;;inherit>''bin/testAutoLogin.sh''</font> (on Unix) and hit enter.
   * Watch the command prompt for output messages.   * Watch the command prompt for output messages.
 +
 +===   ===
  
 \\ \\