geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.2 > Configuring Kerberos Realm
Date Thu, 03 Jun 2010 05:51:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/1/_/styles/combined.css?spaceKey=GMOxDOC22&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="http://cwiki.apache.org/confluence/display/GMOxDOC22/Configuring+Kerberos+Realm">Configuring
Kerberos Realm</a></h2>
    <h4>Page  <b>added</b> by             <a href="http://cwiki.apache.org/confluence/display/~chirunhua@gmail.com">Runhua
Chi</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <style type='text/css'>/*<![CDATA[*/
table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 3px;margin: 0px;background-color:
#f0f0f0}
table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 16px;border: none;}
table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
table.ScrollbarTable td.ScrollbarParent {text-align: center;border: none;}
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 16px;border: none;}

/*]]>*/</style><div class="Scrollbar"><table class='ScrollbarTable'><tr><td
width='33%' class='ScrollbarPrevName'>&nbsp;</td><td width='33%' class='ScrollbarParent'><sup><a
href="/confluence/display/GMOxDOC22/Administering+security+realms"><img border='0' align='middle'
src='/confluence/images/icons/up_16.gif' width='8' height='8'></a></sup><a
href="/confluence/display/GMOxDOC22/Administering+security+realms">Administering security
realms</a></td><td width='33%' class='ScrollbarNextName'>&nbsp;</td></tr></table></div>

<p>In Geronimo, you can create your own custom realm type when none of the provided
ones fit your environment needs. This requires creating your own implementation of a <tt>org.apache.geronimo.security.realm.providers</tt>
class, which implements the <tt>javax.security.auth.spi.LoginModule</tt> interface
to acquire credentials, then use the customized realm by choosing the <b>Other</b>
realm from console.</p>

<h1><a name="ConfiguringKerberosRealm-Kerberosrealm"></a>Kerberos realm</h1>

<p>Starting from Geronimo 2.2.1, Kerberoes realm is supported by providing a wrapper
class named <tt>org.apache.geronimo.security.realm.providers.KerberosLoginModule</tt>
leveraging kerberoes protocol implementation of underlying Java platforms. </p>

<p>To create a new security realm, click <b>Add new security realm</b> from
the <b>Security Realms</b> portlet. On the next page, enter <b>Kerberoes_security_realm</b>
in the name of <b>Security Realm:</b> field and select <b>Other</b>
from the <b>Realm type:</b> dropdown box. Then click <b>Next</b> and
fill in the following parameters:</p>
<ul>
	<li>The Value of <b>Login Module Class</b> should be <tt>org. apache.geronimo.security.realm.providers.KerberosLoginModule</tt></li>
	<li>The value of <b>Configuration options</b> for IBM Java platform should
be:
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>addOnPrincipalName=admin<br/>
addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal<br/>
krb_debug=true<br/>
krb5LoginModuleClass=com.ibm.security.auth.module.Krb5LoginModule</p>
</div></div></li>
	<li>Leave the other values as default.
<br class="atl-forced-newline" /></li>
</ul>


<p>If you are using Sun Java platform, the value of <b>Configuration Options</b>
for Kerberoes realm should be:</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>addOnPrincipalName=admin<br/>
addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal<br/>
krb_debug=true<br/>
krb5LoginModuleClass=com.sun.security.auth.module.Krb5LoginModule</p>
</div></div>
    </div>
    <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href="http://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
       </div>
       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC22/Configuring+Kerberos+Realm">View
Online</a>
              |
       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC22/Configuring+Kerberos+Realm?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
           </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message