I have been trying to follow the NegotiateKerberos (http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos) documentation but I'm having some trouble. First, the document references a security-service.xml in the deploy directory. I do not have one so I created one as follows:
| <?xml version="1.0" encoding="UTF-8"?>
|
| <server>
|
|    <!-- JAAS security manager and realm mapping -->
|    <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
|       name="jboss.security:service=JaasSecurityManager">
|       <!-- A flag which indicates whether the SecurityAssociation server mode
|       is set on service creation. This is true by default since the
|       SecurityAssociation should be thread local for multi-threaded server
|       operation.
|       -->
|       <attribute name="ServerMode">true</attribute>
|       <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
|       <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
|       <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
|       in seconds.
|       If you want to disable caching of security credentials, set this to 0 to
|       force authentication to occur every time. This has no effect if the
|       AuthenticationCacheJndiName has been changed from the default value.
|       -->
|       <attribute name="DefaultCacheTimeout">1800</attribute>
|       <!-- DefaultCacheResolution: Specifies the default timed cache policy
|       resolution in seconds. This controls the interval at which the cache
|       current timestamp is updated and should be less than the DefaultCacheTimeout
|       in order for the timeout to be meaningful. This has no effect if the
|       AuthenticationCacheJndiName has been changed from the default value.
|       -->
|       <attribute name="DefaultCacheResolution">60</attribute>
|       <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
|    </mbean>
|
| </server>

I also had to set the login auth-method in my web.xml to BASIC; Negotiate was not recognised.

| <login-config>
|    <auth-method>BASIC</auth-method>
|    <realm-name>Domain Login</realm-name>
| </login-config>

When I try to log in from a client, the login fails but I get no errors in the logs.
I can see Security logs on my server and PDC that reference a Kerberos login, but that's as far as I get. Has anyone successfully gotten Kerberos login to work from the NegotiateKerberos documentation? Is there something I'm missing?

I'm using JBoss 4.0.4.GA and Windows 2003/XP.

Thanks,
David

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963895#3963895
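
An added example, not part of the original post or of the JBoss documentation: a small Python check over the two descriptors quoted above, reporting which login method web.xml requests and how the JaasSecurityManager mbean caches credentials. The sample XML is constructed from the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples, reduced from the two descriptors quoted in the post.
SERVICE_XML = """<server>
  <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
         name="jboss.security:service=JaasSecurityManager">
    <attribute name="DefaultCacheTimeout">1800</attribute>
    <attribute name="DefaultCacheResolution">60</attribute>
  </mbean>
</server>"""
WEB_XML = """<web-app><login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Domain Login</realm-name>
</login-config></web-app>"""
MBEAN = "jboss.security:service=JaasSecurityManager"

def mbean_attributes(xml_text, mbean_name=MBEAN):
    """Return {attribute name: value} for the named mbean, {} if it is absent."""
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("name") == mbean_name:
            return {a.get("name"): (a.text or "").strip()
                    for a in mbean.findall("attribute")}
    return {}

def auth_method(xml_text):
    """Return the <auth-method> text; tolerate a namespaced web.xml root."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "auth-method":
            return (el.text or "").strip()
    return None

def review(service_xml, web_xml):
    """List findings on how credentials are requested and how long they are cached."""
    findings = []
    method = auth_method(web_xml)
    if method is None:
        findings.append("web.xml declares no auth-method")
    elif method.upper() == "BASIC":
        findings.append("auth-method BASIC: the password is sent base64-encoded "
                        "on each request, so the connector must enforce TLS")
    attrs = mbean_attributes(service_xml)
    # Attributes missing from the descriptor are not assessed here.
    timeout = int(attrs.get("DefaultCacheTimeout", "0") or 0)
    resolution = int(attrs.get("DefaultCacheResolution", "0") or 0)
    if timeout > 0:
        findings.append(f"cached logins are reused for up to {timeout} s")
        if resolution >= timeout:
            findings.append("DefaultCacheResolution is not below DefaultCacheTimeout")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SERVICE_XML, WEB_XML)))
```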