Shash,
I'm not sure how useful this module will be, but I'm learning a lot
about the framework and I appreciate your patience. More below...
>
> Gene,
>
> > Just checked everything out fresh, to get the new re-org changes to
> > work with ant 1.6 (that part is working),
> Woo-hoo! That's good to know, always good to have
> independent verification.
>
> > and see a few problems with this
> > Kerberos module (probably my fault):
> >
> Nope...not your fault. That's what happens when I do "one
> last fix before I call it a night" thing....
>
> > I think my idea was to distinguish the java login module "krb5" from
> > the keel service as "kerb5". Probably a poor idea. Anyway, there
> > are a few references that need to be fixed or the module itself
> > could be refactored:
> >
>
> No need to refactor the module....easy enough to change the build
> configuration. BTW, the "Required" in jaas.config, needs to be
> "required". I just fixed that and a couple other things in
> keel-server/system.xconf, and
> keel-server/jaas.config....please update those two files.
>
> > svc-authentication-kerb5 -> conf -> server -> system.xconf should
> > have <project name="svc-authentication-kerb5"
> default="Usage"
> > basedir="../keel-build">
> >
> > keel-build -> import -> keel-iterate.xml should have
> > <target name="svc-authentication-kerb5"
> > if="service.authentication.kerb5">
> > <moduleant name="svc-authentication-kerb5"
> > if="service.authentication.kerb5"/>
> > </target>
> >
> > keel-server -> conf -> server -> jaas.config should have
> this section
> > Kerb5Login {
> > com.sun.security.auth.module.Krb5LoginModule
> > Required
> > debug=true;
> > };
> > ( I know I messed that one up )
> >
> > That should get it to build successfully. Below I'll
> include a basic
> > config howto. I also noticed in my eclipse cvs browser that the all
> > module contains an erroneous reference to
> svc-authentication-krb5. I'm
> > not sure how I did that. Kewl
> >
> If you can, can you send me patch files, as you've seen from
> my spelling in
> various emails, typos like me a whole lot! In Eclipse,
> select the project, or
> files, and then Team->Create patch.
>
Will do on the patch, didn't realize how to do that, but it looks simple
enough. I'm trying to get all the changes in first...
> > Question: Is there any way to get java system properties established
> > from within the individual module? As opposed to having to have
> > keel-server conf files updated for any module that happens to need a
> > system property.
>
> Yes, in fact, a much better idea. In
> keel-server/conf/server/system.xconf,
> put an id="something" attribute on <system-properties>. The put a
> <system-properties id="something"> in the Kerberos auth
> modules, system.xconf
> and the Keel config. system will merge the two.
>
I really like this configuration better, and tried to implement. From
what I understand of your instructions, my keel-server/system.xconf
should look something like this:
<system-properties id="keelsps">
<property name="java.security.auth.login.config"
value="%conf%/jaas.config"/>
<!-- number of seconds before a model "times out" if it has not
returned a response -->
<property name="model.timeout" value="60"/>
</system-properties>
And my svc-authentication-kerb5/system.xconf should look something like
this:
<system-properties id="keelsps">
<property name="java.security.auth.krb5.realm"
value="my.realm"/>
<property name="java.security.auth.krb5.kdc" value="mykdc"/>
</system-properties>
Correct? But, this is what I get at the console:
[KeelMetaInfoManager] Initialize
Configuration Exception:
org.apache.avalon.framework.configuration.ConfigurationException: No
class found matching configuration name [name: system-properties,
location: Merged [layer:
file:/D:/eclipse/workspace/keel-build/deploy/jakarta-tomcat-4.1.29/webap
ps/struts/WEB-INF/keel/server/conf/svc-authentication-kerb5/system.xconf
:3:34, base:
file:/D:/eclipse/workspace/keel-build/deploy/jakarta-tomcat-4.1.29/webap
ps/struts/WEB-INF/keel/server/conf/system.xconf:26:37]]
at
org.apache.avalon.fortress.impl.DefaultContainer.getClassname(Default
Container.java:206)
Guidance, please. I've tried several configurations, but all get
basically the same error as above, and then spit out the Configuration
information dump.
> >
> > HOWTO
> > Add the following line to your -deploy.properties file under
> > keel-build->dprop: service.authentication.kerb5=true
> >
> > There are two ways to configure the module to know about your realm.
> > First, edit the system properties in
> > keel-server->conf->server->system.xconf that describe your realm and
> > kdc. ie:
> > <system-properties>
> > <property name="java.security.auth.login.config"
> > value="%conf%/jaas.config"/>
> > <property name="java.security.krb5.realm"
> > value="my.work.realm.net"/>
> > <property name="java.security.krb5.kdc" value="mykdc"/>
> > <!-- number of seconds before a model "times out"
> if it has not
> > returned a response -->
> > <property name="model.timeout" value="60"/>
> > </system-properties>
> >
> > Second, create a Kerberos V configuration file (see Kerberos V
> > documentation for specifics) at the default location for
> your flavor
> > of OS that describes your realm. Be it known that the
> system properties
> > will override the configuration file settings if both are
> present, in
> > effect disabling cross realm authentication.
> >
> > Then see the Authentication HOWTO for adapting the system
> to your needs.
> >
> How about adding this directly to the Auth. HOWTO?
>
Done.
> Shash
> http://keelframework.org/documentation
> Keelgroup mailing list
> [EMAIL PROTECTED]
> http://lists.keelframework.com/listinfo.cgi/keelgroup-keelfram
ework.com
http://keelframework.org/documentation
Keelgroup mailing list
[EMAIL PROTECTED]
http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
