[jboss-user] [Security & JAAS/JBoss] - How to configure "Negotiate Kerberos"?
draggy
do-not-reply at jboss.com
Thu Apr 17 00:17:40 EDT 2008
Hello JBoss experts and professionals,
Currently, I’m using JBoss Portal 2.6.4 bundle with Application server 4.2.2 and referring to http://wiki.jboss.org/wiki/NegotiateKerberos about
| 3. Modify the ${jboss.server.dir}/conf/jboss-service.xml (if you installed via the JBoss Installer Jar, then the file you need to edit is ${jboss.server.dir}/deploy/security-service.xml) in the server you copied the jars to. You need to change the "jboss.security:service=JaasSecurityManager MBean" to use the new callback handler included with the negotiate jar.
| You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
|
| <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
|
| for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
|
| for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
|
I am not sure how to configure this particular parts:
| You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
|
| <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
|
And
| for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
|
| for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
|
However, I have managed to find JAAS in my jboss-service.xml:
| <!-- JAAS security manager and realm mapping -->
| <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
| name="jboss.security:service=JaasSecurityManager">
| <!-- A flag which indicates whether the SecurityAssociation server mode
| is set on service creation. This is true by default since the
| SecurityAssociation should be thread local for multi-threaded server
| operation.
| -->
| <attribute name="ServerMode">true</attribute>
| <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
| <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
| <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
| in seconds.
| If you want to disable caching of security credentials, set this to 0 to
| force authentication to occur every time. This has no affect if the
| AuthenticationCacheJndiName has been changed from the default value.
| -->
| <attribute name="DefaultCacheTimeout">1800</attribute>
| <!-- DefaultCacheResolution: Specifies the default timed cache policy
| resolution in seconds. This controls the interval at which the cache
| current timestamp is updated and should be less than the DefaultCacheTimeout
| in order for the timeout to be meaningful. This has no affect if the
| AuthenticationCacheJndiName has been changed from the default value.
| -->
| <attribute name="DefaultCacheResolution">60</attribute>
| <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
| security managers to be deep copies that makes copies of the subject
| principals and credentials if they are cloneable. It should be set to
| true if subject include mutable content that can be corrupted when
| multiple threads have the same identity and cache flushes/logout clearing
| the subject in one thread results in subject references affecting other
| threads.
| -->
| <attribute name="DeepCopySubjectMode">false</attribute>
| </mbean>
|
May I know how to configure it?
Thank you
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4144701#4144701
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4144701
More information about the jboss-user
mailing list