My app has Kerberos single-sign-on working with a Krb5LoginModule in an application-policy in its login-config.xml.
I'm wondering if there is any way to avoid setting the server SPN in this file (as the "principal" module-option) and instead set it in memory, at initialization time or similar. Does JBoss expose an MBean or other interface for configuring login contexts? I surfed through the LoginContext, Configuration and similar JAAS APIs but they don't seem oriented toward letting you configure them (just to inspect).
What I'm after is letting my redeployable app mostly configure itself, since customers will be setting it up to match their environment and I'd prefer to not force them to get in and hand-edit XML. I've managed to get everything else that GSS-API needs auto-configured (or defined to an unchanging value). I actually have a System property that gets set at runtime with the name of the SPN (synthesized as my service's name/ip), but I don't know how to get that value to be picked up by the named login-module configuration - other than writing it out to login-config.xml, something I'd prefer to avoid.
Thanks for any help.
You can include the login configuration in your deployment. See this article about "org.jboss.security.auth.login.DynamicLoginConfig": http://www.jboss.org/community/docs/DOC-9611
Hope this helps.
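
An added example, not part of the thread and not JBoss's own API: standard JAAS lets an application hand a `Configuration` object directly to `LoginContext`, so the Krb5LoginModule "principal" option can be filled from a system property at runtime instead of from login-config.xml. It assumes the application creates the acceptor `LoginContext` itself rather than going through a named JBoss security domain; the entry name and the two property names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** In-memory JAAS configuration for the service (acceptor) side of Kerberos SSO. */
public final class SpnLoginConfiguration extends Configuration {
    // Hypothetical names chosen for this example; they are not JBoss or JDK constants.
    static final String ENTRY_NAME = "service-acceptor";
    static final String SPN_PROPERTY = "myapp.kerberos.spn";
    static final String KEYTAB_PROPERTY = "myapp.kerberos.keytab";

    private final AppConfigurationEntry[] entries;

    public SpnLoginConfiguration(String spn, String keyTab) {
        // Fail closed: a missing SPN or keytab must not fall back to defaults.
        if (spn == null || spn.trim().isEmpty() || keyTab == null || keyTab.trim().isEmpty()) {
            throw new IllegalArgumentException("SPN and keytab path are required");
        }
        Map<String, String> options = new HashMap<String, String>();
        options.put("principal", spn);       // value that would otherwise sit in login-config.xml
        options.put("useKeyTab", "true");    // service key comes from the keytab
        options.put("keyTab", keyTab);
        options.put("storeKey", "true");     // keep the key in the Subject for GSS-API accept
        options.put("doNotPrompt", "true");  // never ask for a password interactively
        options.put("isInitiator", "false"); // acceptor only, no TGT is requested
        entries = new AppConfigurationEntry[] { new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        // Unknown names return null, so no other login context can borrow this entry.
        return ENTRY_NAME.equals(name) ? entries.clone() : null;
    }

    @Override
    public void refresh() { /* nothing to reload, the entry is fixed at construction */ }

    /** Builds the configuration from system properties and performs the login. */
    public static LoginContext login() throws LoginException {
        Configuration config = new SpnLoginConfiguration(
            System.getProperty(SPN_PROPERTY), System.getProperty(KEYTAB_PROPERTY));
        LoginContext context = new LoginContext(ENTRY_NAME, null, null, config);
        context.login();
        return context;
    }
}
```

The keytab file still has to exist on disk and should be readable only by the account the application server runs as.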