This is an old revision of the document!
Configure JAAS and JGSS Support on the Stages Server
Java Authentication and Authorization Service (JAAS)
JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/jaas.conf” and replace the example values according to your network configuration:
de.methodpark.pkit.auth.SpnegoAuthenticator { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="" storeKey=true realm="<KERBEROS-REALM>" debug="false" principal="HTTP/<fqnd>@<KERBEROS-REALM> }
Argument | Description |
---|---|
<key-tab file> | The full path to the keytab file is |
Java Generic Security Services (JGSS)
JGSS is another Java Standard API, which has to be configured with your network information. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/krb5.conf” and replace the example values according to your network configuration:
[libdefaults] default_realm = <KERBEROS-REALM> default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc forwardable = true [realms] <KERBEROS-REALM> = { kdc = <ad-server-fqdn>:88 } [domain_realm] .<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE <ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE