Kerberos
Kerberos Active Directory
- set | grep -i logon # get logon server on windows
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
System properties:
- java.security.auth.login.config
- java.security.krb5.realm
- java.security.krb5.kdc
- java.security.krb5.debug
If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf.
Interfaces:
javax.security.auth.spi.LoginModule
- javax.security.auth.callback.Callback
Classes:
javax.security.auth.callback.CallbackHandler
javax.security.auth.login.LoginContext
com.sun.security.auth.module.Krb5LoginModule // implements javax.security.auth.spi.LoginModule
javax.security.auth.callback.NameCallback
javax.security.auth.callback.PasswordCallback
Interface javax.security.auth.callback.Callback provides means to pass info back to the login module.
Sample JAAS config for Krb5LoginModule
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
File jaas.conf:
JaasSample { com.sun.security.auth.module.Krb5LoginModule required; };Sample Java ...
LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler());The LoginModule will call the CallbackHandler to fill out the required info by the LoginModule.
java -Djava.security.krb5.realm=<your_realm> -Djava.security.krb5.kdc=<your_kdc> -Djava.security.auth.login.config=jaas.conf JaasAcn