Deployment Guide

Configure JAAS and JGSS Support on the Stages Server

Java Authentication and Authorization Service (JAAS)

JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/jaas.conf” and replace the example values according to your network configuration:

de.methodpark.pkit.auth.SpnegoAuthenticator {
  com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab=""
    storeKey=true
    realm="<KERBEROS-REALM>"
    debug="false"
    principal="HTTP/<fqdn>@<KERBEROS-REALM>";
};
Argument Description

Java Generic Security Services (JGSS)

JGSS is another standard Java API, which has to be configured with your network information. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/krb5.conf” and replace the example values according to your network configuration:

[libdefaults]
default_realm = <KERBEROS-REALM>
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
forwardable = true
[realms]
<KERBEROS-REALM> = {
kdc = <ad-server-fqdn>:88
}
[domain_realm]
.<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
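
A small lint for the edited krb5.conf, added here as an example (it is not part of the Stages documentation or product). It flags enctypes deprecated for Kerberos (DES by RFC 6649, 3DES and RC4 by RFC 8429) and realm names that have no [realms] entry, such as the PKITBUILD.ER.METHODPARK.DE mappings left in [domain_realm]. EXAMPLE.COM and dc01.example.com are constructed values standing in for the placeholders.

```python
import re

# Deprecated Kerberos enctypes: DES (RFC 6649), 3DES and RC4 (RFC 8429).
WEAK_PREFIXES = ("des-", "des3-", "rc4-", "arcfour-")

# Constructed sample: the page's krb5.conf, placeholders replaced by made-up values.
SAMPLE = """\
[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
forwardable = true
[realms]
EXAMPLE.COM = {
kdc = dc01.example.com:88
}
[domain_realm]
.example.com = PKITBUILD.ER.METHODPARK.DE
example.com = PKITBUILD.ER.METHODPARK.DE
"""

def parse_krb5(text):
    """Return {section: [(key, value), ...]}; a realm block opens with value '{'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue  # blank line, comment, or end of a realm block
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            current.append(tuple(p.strip() for p in line.split("=", 1)))
    return sections

def lint_krb5(text):
    """Return human-readable findings for weak enctypes and undefined realms."""
    conf, findings = parse_krb5(text), []
    realms = {k for k, v in conf.get("realms", []) if v == "{"}
    for key, value in conf.get("libdefaults", []):
        if key.endswith("_enctypes"):
            weak = [e for e in re.split(r"[\s,]+", value) if e.startswith(WEAK_PREFIXES)]
            if weak:
                findings.append(f"{key}: deprecated enctypes {' '.join(weak)}")
        elif key == "default_realm" and value not in realms:
            findings.append(f"default_realm {value} has no [realms] entry")
    for domain, realm in conf.get("domain_realm", []):
        if realm not in realms:
            findings.append(f"domain_realm {domain} -> {realm}: no [realms] entry")
    return findings
```

Calling lint_krb5() on the text of the edited file returns a list of findings; an empty list means neither check fired.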