Deployment Guide

Configure JAAS and JGSS Support on the Stages Server

Java Authentication and Authorization Service (JAAS)

JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/jaas.conf” and replace the example values according to your network configuration:

de.methodpark.pkit.auth.SpnegoAuthenticator {
  com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="<key-tab file>"
    storeKey=true
    realm="<KERBEROS-REALM>"
    debug="false"
    principal="HTTP/<fqdn>@<KERBEROS-REALM>";
};

Argument          Description
<key-tab file>    The full path to the keytab file is

Java Generic Security Services (JGSS)

JGSS is another standard Java API, which has to be configured with your network information. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/krb5.conf” and replace the example values according to your network configuration:

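[libdefaults]
default_realm = <KERBEROS-REALM>
# The DES, 3DES and RC4 enctypes listed below are deprecated (RFC 6649, RFC 8429); keep only those your KDC still requires.
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
forwardable = true
[realms]
<KERBEROS-REALM> = {
kdc = <ad-server-fqdn>:88
}
[domain_realm]
# PKITBUILD.ER.METHODPARK.DE is an example value; replace it with your Kerberos realm.
.<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE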
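
A pre-deployment check for the two files above, as an added example that is not part of the original guide or of the product: it flags the JAAS syntax slips that stop the login entry from loading (empty keyTab, unterminated quote, missing semicolons), placeholders left unedited, and deprecated enctypes in krb5.conf. The function names are hypothetical, and the sample host, realm and keytab path are constructed.

```python
import re

# Deprecated Kerberos enctypes: single DES (RFC 6649), 3DES and RC4 (RFC 8429).
DEPRECATED = ("des-", "des3-", "rc4-", "arcfour-")
PLACEHOLDER = re.compile(r"<[^>\n]+>")  # e.g. <KERBEROS-REALM> left unedited

def lint_jaas(text):
    """Findings for a JAAS entry that uses Krb5LoginModule with a keytab."""
    findings = []
    opts = dict(re.findall(r'(\w+)\s*=\s*"([^"\n]*)"', text))
    if text.count('"') % 2:
        findings.append("unbalanced double quote")
    if not opts.get("keyTab"):
        findings.append("keyTab is empty or missing")
    if not re.match(r"HTTP/[^@/\s]+@\S+$", opts.get("principal", "")):
        findings.append("principal is not HTTP/<host>@<REALM>")
    if not re.search(r";\s*\}\s*;\s*$", text.strip()):
        findings.append("missing ';' after last option or after '}'")
    if PLACEHOLDER.search(text):
        findings.append("unreplaced placeholder")
    return findings

def lint_krb5(text):
    """Findings for deprecated enctypes and unedited placeholders."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        weak = [e for e in value.split() if e.startswith(DEPRECATED)]
        if key.endswith("_enctypes") and weak:
            findings.append(f"{key}: deprecated {' '.join(weak)}")
        if PLACEHOLDER.search(line):
            findings.append(f"unreplaced placeholder: {line}")
    return findings

# Constructed sample inputs (host, realm and keytab path are made up).
GOOD_JAAS = '''de.methodpark.pkit.auth.SpnegoAuthenticator {
  com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/opt/stages/conf/stages.keytab"
    storeKey=true
    realm="EXAMPLE.COM"
    principal="HTTP/stages.example.com@EXAMPLE.COM";
};'''
BAD_JAAS = GOOD_JAAS.replace('COM";\n};', "COM\n}").replace("/opt/stages/conf/stages.keytab", "")
SAMPLE_KRB5 = "default_realm = EXAMPLE.COM\ndefault_tkt_enctypes = aes128-cts rc4-hmac des-cbc-md5\n"
if __name__ == "__main__":
    print(lint_jaas(GOOD_JAAS), lint_jaas(BAD_JAAS), lint_krb5(SAMPLE_KRB5), sep="\n")
```

An empty list from both functions means none of these problems were found; it does not prove that the keytab matches the principal, which only a real login against the KDC can show.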