Differences

This shows you the differences between two versions of the page.

72:configure_jaas_jgss [2018/11/29 11:30]
evt [Configure JAAS and JGSS Support on the Stages Server]
72:configure_jaas_jgss [2020/03/04 11:40] (current)
Thomas Weinlein [Configure JAAS and JGSS Support on the Stages Server]
Line 10: Line 10:
 de.methodpark.pkit.auth.SpnegoAuthenticator { de.methodpark.pkit.auth.SpnegoAuthenticator {
   com.sun.security.auth.module.Krb5LoginModule required   com.sun.security.auth.module.Krb5LoginModule required
-    useKeyTab="true"+    useKeyTab=true
     keyTab="//​**PATH_TO_KEYTAB_FILE**//​ "     keyTab="//​**PATH_TO_KEYTAB_FILE**//​ "
-    storeKey="true"+    storeKey=true
     realm="<​KERBEROS-REALM>"​     realm="<​KERBEROS-REALM>"​
     debug="​false"​     debug="​false"​
-    principal="​HTTP/<​fqnd>​@<​KERBEROS-REALM>"​ +    principal="​HTTP/<​fqnd>​@<​KERBEROS-REALM>"​; 
-}+}
 </​code>​ </​code>​
  
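Review bot: the changed principal line still spells the placeholder <fqnd>, while the parameter table right below documents <fqdn>, so a reader substituting by name will not find a match; it should read HTTP/<fqdn>@<KERBEROS-REALM>. The same hunk drops the quotes on useKeyTab and storeKey but leaves debug="false" quoted; use one style for the boolean options so the template is consistent.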
Line 24: Line 25:
 |<​fqdn>​|The full quantified DNS domain name of the Stages Server.| |<​fqdn>​|The full quantified DNS domain name of the Stages Server.|
  
-Example:+Example:<​code>​
  
-<​code>​ 
 de.methodpark.pkit.auth.SpnegoAuthenticator { de.methodpark.pkit.auth.SpnegoAuthenticator {
  ​com.sun.security.auth.module.Krb5LoginModule required  ​com.sun.security.auth.module.Krb5LoginModule required
Line 34: Line 34:
  ​realm="​PKITBUILD.ER.METHODPARK.DE"​  ​realm="​PKITBUILD.ER.METHODPARK.DE"​
  ​debug="​false"​  ​debug="​false"​
- ​principal="​HTTP/​pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE"​ + ​principal="​HTTP/​pkit.methodpark.de@PKITBUILD.ER.METHODPARK.DE"​; 
-}+}
 </​code>​ </​code>​
  
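Review bot: the closing brace of the example entry is still a bare } with nothing after it, even though this change adds the missing ; after the principal option. The JAAS login configuration format terminates each entry with }; so the brace line needs the semicolon as well, both here and in the template in the first hunk.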
Line 55: Line 56:
 .<​ad-dns-domain>​ = PKITBUILD.ER.METHODPARK.DE .<​ad-dns-domain>​ = PKITBUILD.ER.METHODPARK.DE
 <​ad-dns-domain>​ = PKITBUILD.ER.METHODPARK.DE <​ad-dns-domain>​ = PKITBUILD.ER.METHODPARK.DE
 +
 </​code>​ </​code>​
  
Line 62: Line 64:
 |<​ad-dns-domain>​|The DNS domain which belongs to the Active Directory.| |<​ad-dns-domain>​|The DNS domain which belongs to the Active Directory.|
  
-Example:+Example:<​code>​
  
-<​code>​ 
 [libdefaults] [libdefaults]
 default_realm = PKITBUILD.ER.METHODPARK.DE default_realm = PKITBUILD.ER.METHODPARK.DE
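Review bot: moving <code> up onto the Example: line keeps the empty line that used to separate the two, so the sample now begins with a blank line before [libdefaults]. Remove that empty line, or keep <code> on its own line directly above [libdefaults]; the JAAS example earlier in this change has the same issue.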
Line 77: Line 78:
 .pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE .pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
 pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE pkitbuild.er.methodpark.de = PKITBUILD.ER.METHODPARK.DE
 +
 </​code>​ </​code>​
 +
 +=== AES-256 encryption ===
 +
 +To use AES-256 encryption add  aes256-cts ​ to the list of  default_tkt_enctypes ​ and  default_tgs_enctypes .
  
 === Configuration Test === === Configuration Test ===
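Review bot: the new AES-256 paragraph gives aes256-cts, default_tkt_enctypes and default_tgs_enctypes as plain text with doubled spaces around them, and it neither says that both settings belong in [libdefaults] nor shows the resulting lines. Mark the three names as monospace and extend the krb5 example above with the edited enctype lines. It is also worth stating that the keytab must contain an AES-256 key for the HTTP principal, since the server can only decrypt AES-256 tickets with a matching key.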
Line 83: Line 89:
 To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below: To test your JAAS and JGSS configuration in a Stages server environment proceed in the way described below:
  
-  * Open a command prompt and change to the <PKIT_HOME> directory.+  * Open a command prompt and change to the <stages> directory.
   * Type ''<​font inherit/​Courier New,​Courier,​monospace;;​inherit;;​inherit>​bin\testAutoLogin.bat</​font>'' ​ (on Windows) or <font inherit/​Courier New,​Courier,​monospace;;​inherit;;​inherit>''​bin/​testAutoLogin.sh''</​font>​ (on Unix) and hit enter.   * Type ''<​font inherit/​Courier New,​Courier,​monospace;;​inherit;;​inherit>​bin\testAutoLogin.bat</​font>'' ​ (on Windows) or <font inherit/​Courier New,​Courier,​monospace;;​inherit;;​inherit>''​bin/​testAutoLogin.sh''</​font>​ (on Unix) and hit enter.
   * Watch the command prompt for output messages.   * Watch the command prompt for output messages.
 +
 +===   ===
  
 \\ \\
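Review bot: the added === === line at the end of this hunk is a heading with no text and should be removed. The first step now points to a <stages> directory; if that is the placeholder for the installation directory, define it once, because the visible text never says what it stands for.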