0 Replies Latest reply on Dec 21, 2005 11:39 AM by capitan.mosca

    Negotiate Kerberos

    capitan.mosca

      Hi all,
      I'm trying to configure my JBoss to use Kerberos to authenticate the user.

      The configuration files I use are...

      web.xml
      
      <web-app>
        <display-name>Hello World</display-name>

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>HelloWorldSec</web-resource-name>
            <description>
              An example security config that only allows users with the
              role JBossAdmin to access the HTML JMX console web application
            </description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>PP</role-name>
          </auth-constraint>
        </security-constraint>
        <login-config>
          <auth-method>Negotiate</auth-method>
          <realm-name>Test Realm</realm-name>
        </login-config>
        <security-role>
          <description>The single application role</description>
          <role-name>PP</role-name>
        </security-role>
        <security-role-ref>
          <role-name>PP</role-name>
          <role-link>user</role-link>
        </security-role-ref>
      </web-app>
      


      login-config.xml
      
      .....
      <application-policy name="KRB">
        <authentication>
          <login-module code="com.sun.security.auth.module.Krb5LoginModule"
                        flag="required">
            <module-option name="useTicketCache">true</module-option>
            <module-option name="debug">true</module-option>
          </login-module>
        </authentication>
      </application-policy>
      ...
      


      context.xml
      
      <Context>
        <Valve className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
      </Context>
      


      jboss-web.xml
      
      <jboss-web>
        <security-domain>java:/jaas/KRB</security-domain>
      </jboss-web>
      


      And the log gives me this info

      JBoss_4_0_3 date=200510042324)] Started in 23s:530ms
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@18787c9
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@e3cf25
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CachePolicy set to: org.jboss.util.TimedCachePolicy@348ab2
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@348ab2
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added KRB, org.jboss.security.plugins.SecurityDomainContext@17dbeaf to map
      2005-12-21 17:35:44,289 INFO [STDOUT] Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2005-12-21 17:35:44,289 INFO [STDOUT] Acquire TGT from Cache
      2005-12-21 17:35:44,414 INFO [STDOUT] Principal is S236@ES.INT.COM
      2005-12-21 17:35:44,445 INFO [STDOUT] Commit Succeeded
      2005-12-21 17:35:44,445 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: GenericPrincipal[()]
      


      I have a lot of doubts about web.xml...

      Is Negotiate a correct "auth-method"?
      What is "realm-name" used for?

      Thanks in advance!

      iván