I have been trying to follow the NegotiateKerberos (http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos) documentation but I'm having some trouble. First, the document references a security-service.xml in the deploy directory. I do not have one so I created one as follows:
<?xml version="1.0" encoding="UTF-8"?>
<server>
   <!-- JAAS security manager and realm mapping -->
   <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
          name="jboss.security:service=JaasSecurityManager">
      <!-- A flag which indicates whether the SecurityAssociation server mode
           is set on service creation. This is true by default since the
           SecurityAssociation should be thread local for multi-threaded
           server operation. -->
      <attribute name="ServerMode">true</attribute>
      <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
      <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
      <!-- DefaultCacheTimeout: Specifies the default timed cache policy
           timeout in seconds. If you want to disable caching of security
           credentials, set this to 0 to force authentication to occur every
           time. This has no effect if the AuthenticationCacheJndiName has
           been changed from the default value. -->
      <attribute name="DefaultCacheTimeout">1800</attribute>
      <!-- DefaultCacheResolution: Specifies the default timed cache policy
           resolution in seconds. This controls the interval at which the
           cache current timestamp is updated and should be less than the
           DefaultCacheTimeout in order for the timeout to be meaningful.
           This has no effect if the AuthenticationCacheJndiName has been
           changed from the default value. -->
      <attribute name="DefaultCacheResolution">60</attribute>
      <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
   </mbean>
</server>
I also had to set the login auth-method in my web.xml to BASIC; Negotiate was not recognised.
<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>Domain Login</realm-name>
</login-config>
When I try to log in from a client, the login fails but I get no errors in the logs. I can see Security logs on my server and PDC that reference a Kerberos login, but that's as far as I get.
Has anyone successfully gotten Kerberos login to work from the NegotiateKerberos documentation? Is there something I'm missing?
I'm using JBoss 4.0.4.GA and Windows 2003/XP.