hi all, I'm trying to configure my jboss to use kerberos to authenticate the user.
The confiration files I use are... | web.xml | | <web-app> | <display-name>Hello World</display-name> | | <security-constraint> | <web-resource-collection> | <web-resource-name>HelloWorldSec</web-resource-name> | <description> | An example security config that only allows users with the | role JBossAdmin to access the HTML JMX console web application | </description> | <url-pattern>/*</url-pattern> | <http-method>GET</http-method> | <http-method>POST</http-method> | </web-resource-collection> | <auth-constraint> | <role-name>PP</role-name> | </auth-constraint> | </security-constraint> | <login-config> | <auth-method>Negotiate</auth-method> | <realm-name>Test Realm</realm-name> | </login-config> | <security-role> | <description>The single application role</description> | <role-name>PP</role-name> | </security-role> | <security-role-ref> | <role-name>PP</role-name> | <role-link>user</role-link> | </security-role-ref> | </web-app> | | login-config.xml | | ..... | <application-policy name="KRB"> | <authentication> | <login-module code="com.sun.security.auth.module.Krb5LoginModule" | flag = "required"> | <module-option name="useTicketCache">true</module-option> | <module-option name="debug">true</module-option> | </login-module> | </authentication> | </application-policy> | ... | | context.xml | | <Context> | <Valve className= "org.jboss.web.tomcat.security.HttpServletRequestResponseValve" /> | </Context> | | jboss-web.xml | | <jboss-web> | <security-domain>java:/jaas/KRB</security-domain> | </jboss-web> | And the log gives me this info | JBoss_4_0_3 date=200510042324)] Started in 23s:530ms | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CallbackHandler: [EMAIL PROTECTED] | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED] | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CachePolicy set to: [EMAIL PROTECTED] | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED] | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added KRB, [EMAIL PROTECTED] to map | 2005-12-21 17:35:44,289 INFO [STDOUT] Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false | 2005-12-21 17:35:44,289 INFO [STDOUT] Acquire TGT from Cache | 2005-12-21 17:35:44,414 INFO [STDOUT] Principal is [EMAIL PROTECTED] | 2005-12-21 17:35:44,445 INFO [STDOUT] Commit Succeeded | 2005-12-21 17:35:44,445 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: GenericPrincipal[()] | I have a lot of doubts about web.xml... Is Negotiate a correct "auth-method"? What does "realm-name" work for? Thanks in advance! iván View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913814#3913814 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3913814 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user