Kerberos

Kerberos Active Directory

• set | grep -i logon # get logon server on windows

http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html

System properties:

• java.security.auth.login.config
• java.security.krb5.realm
• java.security.krb5.kdc
• java.security.krb5.debug

If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf.

Interfaces:

• javax.security.auth.spi.LoginModule

Classes:

• javax.security.auth.callback.CallbackHandler

• javax.security.auth.login.LoginContext

• com.sun.security.auth.module.Krb5LoginModule // implements javax.security.auth.spi.LoginModule

Sample JAAS config for Krb5LoginModule

https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html

File jaas.conf:

JaasSample { com.sun.security.auth.module.Krb5LoginModule required; };

Sample Java ...

LoginContext lc = new LoginContext("JaasSample",   new TextCallbackHandler());

* java -Djava.security.krb5.realm=<your_realm> -Djava.security.krb5.kdc=<your_kdc> -Djava.security.auth.login.config=jaas.conf JaasAcn