I have been trying to follow the NegotiateKerberos 
(http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos) documentation but 
I'm having some trouble. First, The document references a security-service.xml 
in the deploy directory. I do not have one so I created one as follows:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  |    <!-- JAAS security manager and realm mapping -->
  |    <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
  |       name="jboss.security:service=JaasSecurityManager">
  |       <!-- A flag which indicates whether the SecurityAssociation server 
  |       is set on service creation. This is true by default since the
  |       SecurityAssociation should be thread local for multi-threaded server
  |       operation.
  |       -->
  |       <attribute name="ServerMode">true</attribute>
  |       <attribute 
  |       <attribute 
  |       <!-- DefaultCacheTimeout: Specifies the default timed cache policy 
  |       in seconds.
  |       If you want to disable caching of security credentials, set this to 0 
  |       force authentication to occur every time. This has no affect if the
  |       AuthenticationCacheJndiName has been changed from the default value.
  |       -->
  |       <attribute name="DefaultCacheTimeout">1800</attribute>
  |       <!-- DefaultCacheResolution: Specifies the default timed cache policy
  |       resolution in seconds. This controls the interval at which the cache
  |       current timestamp is updated and should be less than the 
  |       in order for the timeout to be meaningful. This has no affect if the
  |       AuthenticationCacheJndiName has been changed from the default value.
  |       -->
  |       <attribute name="DefaultCacheResolution">60</attribute>
  |     <attribute 
  |    </mbean>
  | </server>

I also had to set the login auth-method in my web.xml to BASIC, Negotiate was 
not recognised.

  |     <login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>Domain Login</realm-name>
  |     </login-config>

When I try to login from a client, the login failes but I get no errors in the 
logs. I can see Security logs on my server and PDC that reference a kerberos 
login, but thats as far as I get. 

Has anyone successfully gotten kerberos login to work from the 
NegotiateKerberos documentation? Is there something I'm missing?

I'm using JBoss 4.0.4.GA and Windows 2003/XP

Thanks, David

View the original post : 

Reply to the post : 
jboss-user mailing list

Reply via email to