= Kerberos = Kerberos Active Directory * set | grep -i logon # get logon server on windows http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html System properties: * java.security.auth.login.config * java.security.krb5.realm * java.security.krb5.kdc * java.security.krb5.debug If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf. Interfaces: * javax.security.auth.spi.LoginModule * javax.security.auth.callback.Callback Classes: * javax.security.auth.callback.CallbackHandler * javax.security.auth.login.LoginContext * com.sun.security.auth.module.Krb5LoginModule // implements javax.security.auth.spi.LoginModule * javax.security.auth.callback.NameCallback * javax.security.auth.callback.PasswordCallback Interface javax.security.auth.callback.Callback provides means to pass info back to the login module. == Sample JAAS config for Krb5LoginModule == https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html File '''jaas.conf''': {{{ JaasSample { com.sun.security.auth.module.Krb5LoginModule required; }; }}} Sample Java ... {{{ LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler()); }}} The LoginModule will call the CallbackHandler to fill out the required info by the LoginModule. * java -Djava.security.krb5.realm= -Djava.security.krb5.kdc= -Djava.security.auth.login.config=jaas.conf JaasAcn = Other LoginModules = * https://docs.oracle.com/javase/8/docs/api/javax/security/auth/spi/LoginModule.html * https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/NTLoginModule.html * https://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html * https://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/UnixLoginModule.html