Differences

This shows you the differences between two versions of the page.

--- 72:configure_jaas_jgss [2018/07/06 18:37] – [Configure JAAS and JGSS Support on the Stages Server] bkkr
+++ 72:configure_jaas_jgss [2024/02/15 00:00] (current) – external edit 127.0.0.1
@@ Line 5: / Line 5: @@
 === Java Authentication and Authorization Service (JAAS) ===
-JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/jaas.conf” and replace the example values according to your network configuration:
+JAAS is a standard Java API, which has to be configured with your network settings. Please edit the provided example file ''conf/jaas.conf'' and replace the example values according to your network configuration:
 <code>
@@ Line 11: / Line 11: @@
   com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
-    keyTab=""
+    keyTab="//**PATH_TO_KEYTAB_FILE**// "
     storeKey=true
     realm="<KERBEROS-REALM>"
     debug="false"
-    principal="HTTP/<fqnd>@<KERBEROS-REALM>
+    principal="HTTP/<fqnd>@<KERBEROS-REALM>";
-}
+};
 </code>
@@ Line 24: / Line 25: @@
 |<fqdn>|The full quantified DNS domain name of the Stages Server.|
-Example:
+Example:<code>
-<code>
 de.methodpark.pkit.auth.SpnegoAuthenticator {
  com.sun.security.auth.module.Krb5LoginModule required
@@ Line 34: / Line 34: @@
  realm="PKITBUILD.ER.METHODPARK.DE"
  debug="false"
- principal="HTTP/pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE"
+ principal="HTTP/pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE";
-}
+};
 </code>
 === Java Generic Security Services (JGSS) ===
-JGSS is another Java Standard API, which has to be configured with your network information. Please edit the provided example file “/tomcat/webapps/pkit/WEB-INF/conf/krb5.conf” and replace the example values according to your network configuration:
+JGSS is another Java Standard API, which has to be configured with your network information. Please edit the provided example file ''/conf/krb5.conf'' and replace the example values according to your network configuration:
 <code>
@@ Line 55: / Line 56: @@
 .<ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 <ad-dns-domain> = PKITBUILD.ER.METHODPARK.DE
 </code>
+^Argument  ^Description  |
+|<KERBEROS-REALM>|The Active Directory Kerberos realm. By default this is the domain name of your Active Directory in capital letters.|
+|<ad-server-fqdn>|The full qualified DNS name of the Active Directory server.|
+|<ad-dns-domain>|The DNS domain which belongs to the Active Directory.|
+Example:<code>
+[libdefaults]
+default_realm = PKITBUILD.ER.METHODPARK.DE
+default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+forwardable = true
+[realms]
+PKITBUILD.ER.METHODPARK.DE = {
+kdc = projectkit.pkitbuild.er.methodpark.de:88
+}
+[domain_realm]
+.pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
+pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
+</code>
+=== AES-256 encryption ===
+To use AES-256 encryption add  aes256-cts  to the list of  default_tkt_enctypes  and  default_tgs_enctypes .
+=== Configuration Test ===
+To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below:
+  * Open a command prompt and change to the <stages> directory.
+  * Type ''bin\testAutoLogin.bat''  (on Windows) or ''bin/testAutoLogin.sh'' (on Unix) and hit enter.
+  * Watch the command prompt for output messages.
+===   ===
 \\
-^ Argument     ^ Description     |
-| <KERBEROS-REALM> |The Active Directory Kerberos realm. By default this is the domain name of your Active Directory in capital letters. |
-|<ad-server-fqdn> | The full qualified DNS name of the Active Directory server. |
-| <ad-dns-domain> | The DNS domain which belongs to the Active Directory. |
-Example: