geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.1 > Configuring Kerberos Realm
Date Wed, 14 Apr 2010 05:48:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1520/1/1/_/styles/combined.css?spaceKey=GMOxDOC21&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+Kerberos+Realm">Configuring
Kerberos Realm</a></h2>
     <h4>Page <b>edited</b> by             <a href="http://cwiki.apache.org/confluence/display/~chirunhua@gmail.com">Runhua
Chi</a>
    </h4>
     
          <br/>
     <div class="notificationGreySide">
         
<p>In Geronimo, you can create your own custom realm type when none of the provided
ones fit your environment needs.This requires creating your own implementation of a <tt>org.apache.geronimo.security.realm.providers</tt>,
which implements the <tt>javax.security.auth.spi.LoginModule</tt> interface, then
use the customized realm by choosing the <b>Other</b> realm from console.</p>

<h1><a name="ConfiguringKerberosRealm-Kerberosrealm"></a>Kerberos realm</h1>

<p>Starting from Geronimo 2.1.5, Kerberoes realm is supported by providing a wrapper
class named <tt>org. apache.geronimo.security.realm.providers.KerberosLoginModule</tt>
leveraging kerberoes protocol implementation of underlying Java platforms. </p>

<p>To create a new security realm, click <b>Add new security realm</b> from
the <b>Security Realms</b> portlet. On the next page, enter <b>Kerberoes_security_realm</b>
in the name of <b>Security Realm:</b> field and select <b>Other</b>
from the <b>Realm type:</b> dropdown box. Then click <b>Next</b> and
fill in the following parameters:</p>
<ul>
	<li>The Value of <b>Login Module Class</b> should be <tt>org. apache.geronimo.security.realm.providers.KerberosLoginModule</tt></li>
	<li>The value of <b>Configuration options</b> for IBM Java platform should
be:
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>addOnPrincipalName=admin<br/>
addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal<br/>
krb_debug=true<br/>
krb5LoginModuleClass=com.ibm.security.auth.module.Krb5LoginModule</p>
</div></div></li>
	<li>Leave the other values as default.
<br clear="all" /></li>
</ul>


<p>If you are using Sun Java platform, the value of <b>Configuration Options</b>
for Kerberoes realm should be:</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>addOnPrincipalName=admin<br/>
addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal<br/>
krb_debug=true<br/>
krb5LoginModuleClass=com.sun.security.auth.module.Krb5LoginModule</p>
</div></div>
     </div>
     <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href="http://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
       </div>

       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+Kerberos+Realm">View
Online</a>
       |
       <a href="http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=9797886&revisedVersion=4&originalVersion=3">View
Change</a>
              |
       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+Kerberos+Realm?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message