Once again showing my ignorance, I've discovered the problem of the
config file for krb5.
keel-server -> conf -> server -> jaas.config should be have:
Kerb5Login
{
com.sun.security.auth.module.Krb5LoginModule
Required
debug=true
};
And keel-server -> conf -> server -> system.xconf needs this:
<system-properties>
<property name="java.security.auth.login.config"
value="%conf%/jaas.config"/>
<property name="java.security.krb5.realm" value="<YOUR.REALM>"/>
<property name="java.security.krb5.kdc" value="<YOUR.KDC>"/>
<!-- number of seconds before a model "times out" if it
has not returned a response -->
<property name="model.timeout" value="60"/>
</system-properties>
Then, you don't need to bother with the config file. However, if you
have a complex realm already set up and configured in an existing file,
and are much more familiar with Kerberos than I am, you may want to
leave those java property settings out, because the documentation states
that they overide any existing settings. The kerb implementation will
look for the config file in the default places on the respective
systems, which you probably already know.
Ciao
gene
> -----Original Message-----
> From: Gene McCullough
> Sent: Tuesday, January 20, 2004 11:30 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Keelgroup] Kerberos 5 authentication module -
> svc-authentication-kerb5
>
>
>
> > I'd be very interested in a svc-authentication-kerb5, and I'd
> > like to track down and make obvious any dependancies that are
> > "hidden", much like the one you ran into. If app-register
> > relies on certain implementations, we should either make that
> > clear, or make it not true :-)
>
> Attached is my project. Additionally, the following should
> be added to keel-server -> conf -> server -> jaas.config:
>
> Kerb5Login
> {
> com.sun.security.auth.module.Krb5LoginModule
> Required
> debug=true
> java.security.krb5.realm=<YOUR.REALM>
> java.security.krb5.kdc=<YOUR.KDC>;
> };
>
> According to Sun documentation located here
> http://java.sun.com/j2se/1.4.1/docs/guide/security/jgss/tutori
als/Kerber
osReq.html#SetProps, these settings are all you need. However, on my
Windoze system running XP, I also need a file located at
c:\winnt\krb5.ini (/etc/krb5.conf on Linux machines) with the following
info:
[libdefaults]
default_realm = <MY.REALM>
[realms]
<MY.REALM> = {
kdc = <FIRST.KDC>
kdc = <OPTIONAL.SECOND.KDC>
kdc = <OPTIONAL.Nth.KDC>
}
This file may just need to exist empty, I just know it doesn't work
without the file existing. See above link for more info.
And the additions to the build process for keel, of course.
Actually, the code is only one import and maybe 5 additional lines of
code different from svc-authentication-jndi. It may be you want to
integrate that way, but it still will confuse newbies like myself,
because it doesn't work with app-register.
Happy authenticating
gene
http://keelframework.org/documentation
Keelgroup mailing list
[EMAIL PROTECTED]
http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
