|
Size: 1136
Comment:
|
Size: 1979
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 16: | Line 16: |
| Interfaces: * javax.security.auth.spi.LoginModule |
|
| Line 20: | Line 22: |
| * com.sun.security.auth.module.Krb5LoginModule | * com.sun.security.auth.module.Krb5LoginModule // implements javax.security.auth.spi.LoginModule * javax.security.auth.callback.NameCallback * javax.security.auth.callback.PasswordCallback |
| Line 22: | Line 26: |
| == Sample JAAS config == http://www.javaranch.com/journal/2008/04/authentication-using-JAAS.html |
== Sample JAAS config for Krb5LoginModule == https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html File '''jaas.conf''': |
| Line 25: | Line 33: |
| RanchLogin { com.javaranch.auth.RanchLoginModule required; }; | JaasSample { com.sun.security.auth.module.Krb5LoginModule required; }; |
| Line 28: | Line 36: |
| == LoginModule == http://www.avajava.com/tutorials/lessons/how-do-i-create-a-login-module.html |
Sample Java ... |
| Line 32: | Line 38: |
| LoginContext lc = new LoginContext("Test", new TestCallbackHandler(name, password)); //... public class TestLoginModule implements LoginModule { } |
LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler()); |
| Line 38: | Line 41: |
| {{{ Test { test.TestLoginModule required testOption=here_is_an_option; }; }}} |
The LoginModule will call the CallbackHandler to fill out the required info by the LoginModule. * java -Djava.security.krb5.realm=<your_realm> -Djava.security.krb5.kdc=<your_kdc> -Djava.security.auth.login.config=jaas.conf JaasAcn = Other LoginModules = * https://docs.oracle.com/javase/8/docs/api/javax/security/auth/spi/LoginModule.html * https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/NTLoginModule.html * https://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html * https://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/UnixLoginModule.html |
Kerberos
Kerberos Active Directory
- set | grep -i logon # get logon server on windows
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
System properties:
- java.security.auth.login.config
- java.security.krb5.realm
- java.security.krb5.kdc
- java.security.krb5.debug
If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf.
Interfaces:
javax.security.auth.spi.LoginModule
Classes:
javax.security.auth.callback.CallbackHandler
javax.security.auth.login.LoginContext
com.sun.security.auth.module.Krb5LoginModule // implements javax.security.auth.spi.LoginModule
javax.security.auth.callback.NameCallback
javax.security.auth.callback.PasswordCallback
Sample JAAS config for Krb5LoginModule
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
File jaas.conf:
JaasSample { com.sun.security.auth.module.Krb5LoginModule required; };Sample Java ...
LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler());The LoginModule will call the CallbackHandler to fill out the required info by the LoginModule.
java -Djava.security.krb5.realm=<your_realm> -Djava.security.krb5.kdc=<your_kdc> -Djava.security.auth.login.config=jaas.conf JaasAcn