From build...@apache.org
Subject svn commit: r866167 - in /websites/production/geronimo/content: GMOxDOC22/using-spnego-in-geronimo.html cache/GMOxDOC22.pageCache
Date Wed, 19 Jun 2013 06:53:26 GMT
Author: buildbot
Date: Wed Jun 19 06:53:26 2013
New Revision: 866167

Log:
Production update by buildbot for geronimo

Modified:
    websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html
    websites/production/geronimo/content/cache/GMOxDOC22.pageCache

Modified: websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html
==============================================================================
--- websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html (original)
+++ websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html Wed Jun 19
06:53:26 2013
@@ -177,15 +177,15 @@ table.ScrollbarTable td.ScrollbarNextIco
 <pre class="code-java"> 
 [libdefaults]
   default_realm = XYZ.COM
-     default_keytab_name = FILE:c:\winnt\krb5.keytab
-     default_tkt_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
-     default_tgs_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
-     forwardable=<span class="code-keyword">true</span> 
+  default_keytab_name = FILE:c:\winnt\krb5.keytab
+  default_tkt_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+  default_tgs_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+  forwardable=<span class="code-keyword">true</span> 
 [realms]
   XYZ.COM = {
-        kdc = domaincontroller.xyz.com:88
-        default_domain = xyz.com   
-        }
+      kdc = domaincontroller.xyz.com:88
+      default_domain = xyz.com   
+  }
 [domain_realm]
   xyz.com= XYZ.COM
   .xyz.com = XYZ.COM
@@ -212,8 +212,41 @@ table.ScrollbarTable td.ScrollbarNextIco
             <span class="code-tag">&lt;/dependency&gt;</span>
         <span class="code-tag">&lt;/dependencies&gt;</span>
     <span class="code-tag">&lt;/environment&gt;</span>
-    &lt;gbean name=<span class="code-quote">"SpnegoTest"</span> class=<span
class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>
xsi:type=<span class="code-quote">"dep:gbeanType"</span> 
-                 <span class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
<span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>&gt;
+
+    &lt;!-- 
+      The ConfigEntry and KerberosLoginModule GBeans are not needed on IBM JVM. 
+     --&gt;
+
+    &lt;gbean name=<span class="code-quote">"ConfigEntry"</span> class=<span
class="code-quote">"org.apache.geronimo.security.jaas.DirectConfigurationEntry"</span>
+           xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span
class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
+           <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>&gt;
+        <span class="code-tag">&lt;attribute name=<span class="code-quote">"applicationConfigName"</span>&gt;</span>com.sun.security.jgss.accept<span
class="code-tag">&lt;/attribute&gt;</span>
+        <span class="code-tag">&lt;attribute name=<span class="code-quote">"controlFlag"</span>&gt;</span>REQUIRED<span
class="code-tag">&lt;/attribute&gt;</span>
+        <span class="code-tag">&lt;reference name=<span class="code-quote">"Module"</span>&gt;</span>
+            <span class="code-tag">&lt;name&gt;</span>KerberosLoginModule<span
class="code-tag">&lt;/name&gt;</span>
+        <span class="code-tag">&lt;/reference&gt;</span>
+    <span class="code-tag">&lt;/gbean&gt;</span>
+
+    &lt;gbean name=<span class="code-quote">"KerberosLoginModule"</span>
class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>
+           xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span
class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
+           <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>&gt;
+        <span class="code-tag">&lt;attribute name=<span class="code-quote">"loginModuleClass"</span>&gt;</span>org.apache.geronimo.security.realm.providers.KerberosLoginModule<span
class="code-tag">&lt;/attribute&gt;</span>
+        <span class="code-tag">&lt;attribute name=<span class="code-quote">"loginDomainName"</span>&gt;</span>unspecified<span
class="code-tag">&lt;/attribute&gt;</span>
+        <span class="code-tag">&lt;attribute name=<span class="code-quote">"options"</span>&gt;</span>
+          krb5LoginModuleClass=com.sun.security.auth.module.Krb5LoginModule
+          krb_debug=true
+          krb_useKeyTab=true
+          krb_storeKey=true          
+          krb_doNotPrompt=true
+          krb_isInitiator=false
+          krb_keyTab=c:/winnt/krb5.keytab
+          krb_principal=HTTP/test.xyz.com@XYZ.COM
+        <span class="code-tag">&lt;/attribute&gt;</span>
+    <span class="code-tag">&lt;/gbean&gt;</span>
+    
+    &lt;gbean name=<span class="code-quote">"SpnegoTest"</span> class=<span
class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>
+           xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span
class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>

+           <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>&gt;
         <span class="code-tag">&lt;attribute name=<span class="code-quote">"realmName"</span>&gt;</span>SpnegoTest<span
class="code-tag">&lt;/attribute&gt;</span>
         <span class="code-tag">&lt;reference name=<span class="code-quote">"ServerInfo"</span>&gt;</span>
             <span class="code-tag">&lt;name&gt;</span>ServerInfo<span
class="code-tag">&lt;/name&gt;</span>
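Review bot: The added KerberosLoginModule sample sets `krb_debug=true` with no caveat, and sample plans like this tend to be copied as they stand. Assuming the `krb_` options are passed through to the Krb5LoginModule named in `krb5LoginModuleClass`, this turns on verbose Kerberos debug output, which belongs in troubleshooting only. I would show `krb_debug=false`, or extend the XML comment above the ConfigEntry GBean with `Set krb_debug=true only while troubleshooting.` That comment could also say that the keytab named in `krb_keyTab` holds the long-term key for `HTTP/test.xyz.com@XYZ.COM` and should be readable only by the account that runs the server. The SpnegoTest GBean at the end of this hunk continues outside it.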
@@ -223,11 +256,11 @@ table.ScrollbarTable td.ScrollbarNextIco
                 <span class="code-tag">&lt;log:login-module control-flag=<span
class="code-quote">"SUFFICIENT"</span> wrap-principals=<span class="code-quote">"false"</span>&gt;</span>
                     <span class="code-tag">&lt;log:login-domain-name&gt;</span>SpnegoTest<span
class="code-tag">&lt;/log:login-domain-name&gt;</span>
                     <span class="code-tag">&lt;log:login-module-class&gt;</span>org.apache.geronimo.security.realm.providers.SpnegoLoginModule<span
class="code-tag">&lt;/log:login-module-class&gt;</span>
-                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"targetName"</span>&gt;</span>http/test.xyz.com<span
class="code-tag">&lt;/log:option&gt;</span>
-					<span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapUrl"</span>&gt;</span>ldap://domaincontroller.xyz.com:389<span
class="code-tag">&lt;/log:option&gt;</span>
-					<span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapLoginName"</span>&gt;</span>testuser<span
class="code-tag">&lt;/log:option&gt;</span>
-					<span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapLoginPassword"</span>&gt;</span>testuser123<span
class="code-tag">&lt;/log:option&gt;</span>
-					<span class="code-tag">&lt;log:option name=<span class="code-quote">"searchBase"</span>&gt;</span>DC=xyz,DC=com<span
class="code-tag">&lt;/log:option&gt;</span>
+                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"targetName"</span>&gt;</span>HTTP/test.xyz.com<span
class="code-tag">&lt;/log:option&gt;</span>
+                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapUrl"</span>&gt;</span>ldap://domaincontroller.xyz.com:389<span
class="code-tag">&lt;/log:option&gt;</span>
+                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapLoginName"</span>&gt;</span>testuser<span
class="code-tag">&lt;/log:option&gt;</span>
+                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"ldapLoginPassword"</span>&gt;</span>testuser123<span
class="code-tag">&lt;/log:option&gt;</span>
+                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"searchBase"</span>&gt;</span>DC=xyz,DC=com<span
class="code-tag">&lt;/log:option&gt;</span>
                 <span class="code-tag">&lt;/log:login-module&gt;</span>
                 <span class="code-tag">&lt;log:login-module control-flag=<span
class="code-quote">"SUFFICIENT"</span> wrap-principals=<span class="code-quote">"false"</span>&gt;</span>
                     <span class="code-tag">&lt;log:login-domain-name&gt;</span>demo-properties-realm<span
class="code-tag">&lt;/log:login-domain-name&gt;</span>
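Review bot: The SpnegoLoginModule options in this hunk keep the directory bind password in plain text in the deployment plan (`ldapLoginPassword`), next to an `ldapUrl` of `ldap://domaincontroller.xyz.com:389`, and the page gives no caveat for either. If the module performs a simple bind, as the name and password pair suggests, the password would cross the network unencrypted on that port. The page should state that `testuser` stands for a dedicated read-only lookup account and that the plan file needs restricted read access. If the module accepts one, the sample should also show a TLS-protected LDAP URL. The enclosing realm configuration starts before this hunk and continues after it.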
@@ -295,7 +328,7 @@ table.ScrollbarTable td.ScrollbarNextIco
 
 <h1><a shape="rect" name="UsingSPNEGOinGeronimo-Fewveryimportantpointstonote"></a>Few
very important points to note</h1>
 
-<ul><li>Make sure that you use Basic as the authentication mechanism in your
web application if you want to configure Spnego with geronimo.</li><li>The realm
provided is a combination of 2 login modules which can be easily created through geronimo
administrative console.</li><li>While you are creating a security realm for Spnego
loginmodule you need to just specify one option that will be of the form "targetName=http/&lt;fully_qualified_host_name&gt;".
Have a look at the sample realm. This will give you an idea of the option to be used.</li><li>Make
sure you choose sufficient as the control-flag while creating the 2 login modules.</li><li>Make
sure you map only one user to SPN as defined in #2 of  "Setting up the Active Directory Domain
Controller".</li></ul>
+<ul><li>Make sure that you use Basic as the authentication mechanism in your
web application if you want to configure Spnego with geronimo.</li><li>The realm
provided is a combination of 2 login modules which can be easily created through geronimo
administrative console.</li><li>While you are creating a security realm for Spnego
loginmodule you need to just specify one option that will be of the form "targetName=HTTP/&lt;fully_qualified_host_name&gt;".
Have a look at the sample realm. This will give you an idea of the option to be used.</li><li>Make
sure you choose sufficient as the control-flag while creating the 2 login modules.</li><li>Make
sure you map only one user to SPN as defined in #2 of  "Setting up the Active Directory Domain
Controller".</li></ul>
 </div>
         </div>
 

Modified: websites/production/geronimo/content/cache/GMOxDOC22.pageCache
==============================================================================
Binary files - no diff available.


