cxf-commits mailing list archives

Subject svn commit: r827704 - in /websites/production/cxf/content: cache/docs.pageCache docs/jaxrs-kerberos.html
Date Thu, 02 Aug 2012 10:47:27 GMT
Author: buildbot
Date: Thu Aug  2 10:47:27 2012
New Revision: 827704

Production update by buildbot for cxf


Modified: websites/production/cxf/content/cache/docs.pageCache
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Thu Aug  2 10:47:27 2012
@@ -135,7 +135,53 @@ The <a shape="rect" class="external-link
 <h3><a shape="rect" name="JAXRSKerberos-Unix"></a>Unix</h3>
+<p>1. Install the packages</p>
+<p>&gt; sudo apt-get install krb5-kdc krb5-admin-server</p>
+<p>During the installation enter "localhost" as the host name for Kerberos servers
(unless you have more specific host names to enter) and set a default realm, example, "MYCOMPANY.COM".
Follow the 1.2 step from this <a shape="rect" class="external-link" href=""
rel="nofollow">blog entry</a> to get this default realm set up properly.</p>
+<p>2. Create principals</p>
+<p>From the step 1.3 at <a shape="rect" class="external-link" href=""
rel="nofollow">this blog entry</a>:</p>
+<p>2.1 Create master key:<br clear="none">
+&gt; sudo kdb5_util create -s</p>
+<p>2.2 Create user and service principals</p>
+<p>&gt; sudo kadmin.local </p>
+<p>followed by</p>
+<p>&gt; addprinc alice<br clear="none">
+&gt; addprinc HTTP/localhost</p>
+<p>where 'HTTP/localhost' is the typical service principal name used in the Negotiate
scheme, replace 'localhost' if needed.<br clear="none">
+Add more user and service principals too as required.</p>
+<p>3 Start KDC</p>
+<p>&gt; sudo krb5kdc</p>
+<p>4. Create an optional ticket cache</p>
+<p>&gt; klist</p>
+<p>returns an empty response</p>
+<p>&gt; kinit alice</p>
+<p>&gt; klist</p>
+<p>confirms a TGT for 'alice' is in the cache.</p>
+<p>2.4 Create keytabs</p>
+<p>When keytabs are available, the principal password does not have to be specified
in the login configuration.<br clear="none">
+Please follow the step 1.4 from <a shape="rect" class="external-link" href=""
rel="nofollow">this blog entry</a>.</p>
+<p>Note, creating a keytab actually resets an original principal password, example,
after creating a keytab for 'alice' one would not be able to use the original password (TODO:
apparently this can be restored - find out how). Thus, if you'd like to experiment with keytabs
then you may want to have few user and service principals created, with only selected principals
using keytabs. </p>
 <h3><a shape="rect" name="JAXRSKerberos-Windows"></a>Windows</h3>
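Review bot: The keytab note at the end of the new Unix steps ships an unresolved "(TODO: apparently this can be restored - find out how)" into the production page. Resolve it or drop the parenthetical before publishing, because as written the reader is told that creating a keytab for 'alice' invalidates the original password and is given no way back. The step numbering also breaks: "2.4 Create keytabs" follows step "4." and should be "5.", and "3 Start KDC" lacks the period the other steps carry. The three "blog entry" links show href="" here, so steps 1.2, 1.3 and 1.4 that the text defers to cannot be followed; if that is not an archive artifact, restore the targets or inline the commands.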
@@ -195,6 +241,7 @@ Book b = wc.get(Book.class);
+<p>In this example, the <a shape="rect" class="external-link" href="">KerberosClientKeyTab</a>
policy is used which links to the available keytab; otherwise AuthorizationPolicy 'UserName'
and 'Password' properties would most likely have to be set too (with the possible exceptions
on Windows) </p>
 <h3><a shape="rect" name="JAXRSKerberos-Configuringtheserviceprincipalname"></a>Configuring
the service principal name</h3>
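Review bot: The added sentence ends with "(with the possible exceptions on Windows)", which leaves the reader guessing when the AuthorizationPolicy 'UserName' and 'Password' properties can be omitted; name the exception or point to the Windows section. The Unix section added in this same commit says a keytab means the principal password does not have to be specified in the login configuration, so consider stating here which of the two setups the page recommends instead of only which one the example happens to use. The sentence is also missing its closing period, and the KerberosClientKeyTab link shows href="".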
@@ -264,6 +311,7 @@ Book b = wc.get(Book.class);
+<p>In this example, the <a shape="rect" class="external-link" href="">KerberosServer</a>
policy is used.</p>
 <h1><a shape="rect" name="JAXRSKerberos-CredentialDelegation"></a>Credential
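Review bot: "the KerberosServer policy is used" names the policy without saying what it configures, unlike the client-side sentence added earlier in this commit, which explains that KerberosClientKeyTab links to the available keytab. Add a clause on what the KerberosServer entry is expected to contain, and check the link target, which shows as href="" here.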
