0 Replies Latest reply on Dec 21, 2005 11:39 AM by capitan mosca

    Negotiate Kerberos

    capitan mosca Newbie

      hi all,
      I'm trying to configure my jboss to use kerberos to authenticate the user.

      The confiration files I use are...

      web.xml
      
      <web-app>
       <display-name>Hello World</display-name>
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HelloWorldSec</web-resource-name>
       <description>
       An example security config that only allows users with the
       role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>PP</role-name>
       </auth-constraint>
       </security-constraint>
       <login-config>
       <auth-method>Negotiate</auth-method>
       <realm-name>Test Realm</realm-name>
       </login-config>
       <security-role>
       <description>The single application role</description>
       <role-name>PP</role-name>
       </security-role>
       <security-role-ref>
       <role-name>PP</role-name>
       <role-link>user</role-link>
       </security-role-ref>
      </web-app>
      


      login-config.xml
      
      .....
      <application-policy name="KRB">
       <authentication>
       <login-module code="com.sun.security.auth.module.Krb5LoginModule"
       flag = "required">
       <module-option name="useTicketCache">true</module-option>
       <module-option name="debug">true</module-option>
       </login-module>
       </authentication>
       </application-policy>
      ...
      


      context.xml
      
      <Context>
       <Valve className= "org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
      </Context>
      


      jboss-web.xml
      
      <jboss-web>
       <security-domain>java:/jaas/KRB</security-domain>
      </jboss-web>
      


      And the log gives me this info

      JBoss_4_0_3 date=200510042324)] Started in 23s:530ms
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@18787c9
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@e3cf25
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CachePolicy set to: org.jboss.util.TimedCachePolicy@348ab2
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@348ab2
      2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added KRB, org.jboss.security.plugins.SecurityDomainContext@17dbeaf to map
      2005-12-21 17:35:44,289 INFO [STDOUT] Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2005-12-21 17:35:44,289 INFO [STDOUT] Acquire TGT from Cache
      2005-12-21 17:35:44,414 INFO [STDOUT] Principal is S236@ES.INT.COM
      2005-12-21 17:35:44,445 INFO [STDOUT] Commit Succeeded
      2005-12-21 17:35:44,445 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: GenericPrincipal[()]
      


      I have a lot of doubts about web.xml...

      Is Negotiate a correct "auth-method"?
      What does "realm-name" work for?

      Thanks in advance!

      iván