My app has Kerberos single-sign-on working with a Krb5LoginModule in an application-policy
in its login-config.xml.
I'm wondering if there is any way to avoid setting the server SPN in this file (as the
"principal" module-option) and instead set it in memory, at initialization time
or similar. Does JBoss expose an MBean or other interface for configuring login contexts?
I surfed through the LoginContext, Configuration and similar JAAS API's but they
don't seem oriented toward letting you configure them (just to inspect).
What I'm after is letting my redeployable app mostly configure itself, since customers
will be setting it up to match their environment and I'd prefer to not force them to
get in and hand-edit XML. I've managed to get everything else that GSS-API needs
auto-configured (or defined to an unchanging value). I actually have a System property
that gets set at runtime with the name of the SPN (synthesized as my service's
name/ip), but I don't know how to get that value to be picked up by the named
login-module configuration - other than writing it out to login-config.xml, something
I'd prefer to avoid.
Thanks for any help.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222165#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...