Posted to scm@geronimo.apache.org by bu...@apache.org on 2013/06/19 08:53:26 UTC
svn commit: r866167 - in /websites/production/geronimo/content:
GMOxDOC22/using-spnego-in-geronimo.html cache/GMOxDOC22.pageCache
Author: buildbot
Date: Wed Jun 19 06:53:26 2013
New Revision: 866167
Log:
Production update by buildbot for geronimo
Modified:
websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html
websites/production/geronimo/content/cache/GMOxDOC22.pageCache
Modified: websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html
==============================================================================
--- websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html (original)
+++ websites/production/geronimo/content/GMOxDOC22/using-spnego-in-geronimo.html Wed Jun 19 06:53:26 2013
@@ -177,15 +177,15 @@ table.ScrollbarTable td.ScrollbarNextIco
<pre class="code-java">
[libdefaults]
default_realm = XYZ.COM
- default_keytab_name = FILE:c:\winnt\krb5.keytab
- default_tkt_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
- default_tgs_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
- forwardable=<span class="code-keyword">true</span>
+ default_keytab_name = FILE:c:\winnt\krb5.keytab
+ default_tkt_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+ default_tgs_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+ forwardable=<span class="code-keyword">true</span>
[realms]
XYZ.COM = {
- kdc = domaincontroller.xyz.com:88
- default_domain = xyz.com
- }
+ kdc = domaincontroller.xyz.com:88
+ default_domain = xyz.com
+ }
[domain_realm]
xyz.com= XYZ.COM
.xyz.com = XYZ.COM
@@ -212,8 +212,41 @@ table.ScrollbarTable td.ScrollbarNextIco
<span class="code-tag"></dependency></span>
<span class="code-tag"></dependencies></span>
<span class="code-tag"></environment></span>
- <gbean name=<span class="code-quote">"SpnegoTest"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span> xsi:type=<span class="code-quote">"dep:gbeanType"</span>
- <span class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span> <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>>
+
+ <!--
+ The ConfigEntry and KerberosLoginModule GBeans are not needed on IBM JVM.
+ -->
+
+ <gbean name=<span class="code-quote">"ConfigEntry"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.DirectConfigurationEntry"</span>
+ xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
+ <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>>
+ <span class="code-tag"><attribute name=<span class="code-quote">"applicationConfigName"</span>></span>com.sun.security.jgss.accept<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"controlFlag"</span>></span>REQUIRED<span class="code-tag"></attribute></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"Module"</span>></span>
+ <span class="code-tag"><name></span>KerberosLoginModule<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"></gbean></span>
+
+ <gbean name=<span class="code-quote">"KerberosLoginModule"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>
+ xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
+ <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginModuleClass"</span>></span>org.apache.geronimo.security.realm.providers.KerberosLoginModule<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginDomainName"</span>></span>unspecified<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"options"</span>></span>
+ krb5LoginModuleClass=com.sun.security.auth.module.Krb5LoginModule
+ krb_debug=true
+ krb_useKeyTab=true
+ krb_storeKey=true
+ krb_doNotPrompt=true
+ krb_isInitiator=false
+ krb_keyTab=c:/winnt/krb5.keytab
+ krb_principal=HTTP/test.xyz.com@XYZ.COM
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"></gbean></span>
+
+ <gbean name=<span class="code-quote">"SpnegoTest"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>
+ xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
+ <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>>
<span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>SpnegoTest<span class="code-tag"></attribute></span>
<span class="code-tag"><reference name=<span class="code-quote">"ServerInfo"</span>></span>
<span class="code-tag"><name></span>ServerInfo<span class="code-tag"></name></span>
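Review bot: The added KerberosLoginModule options ship `krb_debug=true` and a keytab path with no caveat, and readers of this page are likely to copy the sample as it stands. Debug output from the Krb5 login module is verbose and belongs in troubleshooting only. The file named by `krb_keyTab` holds the long-term key for `HTTP/test.xyz.com@XYZ.COM`, so read access to it is equivalent to holding that service identity. I would extend the existing comment above the GBeans with `Set krb_debug=false outside troubleshooting; restrict the keytab file to the account that runs the server.` The SpnegoTest gbean that follows continues past the end of this hunk.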
@@ -223,11 +256,11 @@ table.ScrollbarTable td.ScrollbarNextIco
<span class="code-tag"><log:login-module control-flag=<span class="code-quote">"SUFFICIENT"</span> wrap-principals=<span class="code-quote">"false"</span>></span>
<span class="code-tag"><log:login-domain-name></span>SpnegoTest<span class="code-tag"></log:login-domain-name></span>
<span class="code-tag"><log:login-module-class></span>org.apache.geronimo.security.realm.providers.SpnegoLoginModule<span class="code-tag"></log:login-module-class></span>
- <span class="code-tag"><log:option name=<span class="code-quote">"targetName"</span>></span>http/test.xyz.com<span class="code-tag"></log:option></span>
- <span class="code-tag"><log:option name=<span class="code-quote">"ldapUrl"</span>></span>ldap://domaincontroller.xyz.com:389<span class="code-tag"></log:option></span>
- <span class="code-tag"><log:option name=<span class="code-quote">"ldapLoginName"</span>></span>testuser<span class="code-tag"></log:option></span>
- <span class="code-tag"><log:option name=<span class="code-quote">"ldapLoginPassword"</span>></span>testuser123<span class="code-tag"></log:option></span>
- <span class="code-tag"><log:option name=<span class="code-quote">"searchBase"</span>></span>DC=xyz,DC=com<span class="code-tag"></log:option></span>
+ <span class="code-tag"><log:option name=<span class="code-quote">"targetName"</span>></span>HTTP/test.xyz.com<span class="code-tag"></log:option></span>
+ <span class="code-tag"><log:option name=<span class="code-quote">"ldapUrl"</span>></span>ldap://domaincontroller.xyz.com:389<span class="code-tag"></log:option></span>
+ <span class="code-tag"><log:option name=<span class="code-quote">"ldapLoginName"</span>></span>testuser<span class="code-tag"></log:option></span>
+ <span class="code-tag"><log:option name=<span class="code-quote">"ldapLoginPassword"</span>></span>testuser123<span class="code-tag"></log:option></span>
+ <span class="code-tag"><log:option name=<span class="code-quote">"searchBase"</span>></span>DC=xyz,DC=com<span class="code-tag"></log:option></span>
<span class="code-tag"></log:login-module></span>
<span class="code-tag"><log:login-module control-flag=<span class="code-quote">"SUFFICIENT"</span> wrap-principals=<span class="code-quote">"false"</span>></span>
<span class="code-tag"><log:login-domain-name></span>demo-properties-realm<span class="code-tag"></log:login-domain-name></span>
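Review bot: The sample still puts `ldapLoginPassword` in clear text in the plan and points `ldapUrl` at `ldap://domaincontroller.xyz.com:389`; this commit only re-indents those lines alongside the `targetName` fix. Unless the module negotiates StartTLS, which is not visible here, the bind password and the directory lookups cross the network unencrypted. The sample would be safer with an LDAPS URL such as `ldaps://domaincontroller.xyz.com:636`, provided SpnegoLoginModule accepts one, and with a placeholder in place of `testuser123`. It should also say that the bind account should be a read-only directory account and that the plan file should be readable only by the server account. The enclosing realm configuration starts and ends outside this hunk.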
@@ -295,7 +328,7 @@ table.ScrollbarTable td.ScrollbarNextIco
<h1><a shape="rect" name="UsingSPNEGOinGeronimo-Fewveryimportantpointstonote"></a>Few very important points to note</h1>
-<ul><li>Make sure that you use Basic as the authentication mechanism in your web application if you want to configure Spnego with geronimo.</li><li>The realm provided is a combination of 2 login modules which can be easily created through geronimo administrative console.</li><li>While you are creating a security realm for Spnego loginmodule you need to just specify one option that will be of the form "targetName=http/<fully_qualified_host_name>". Have a look at the sample realm. This will give you an idea of the option to be used.</li><li>Make sure you choose sufficient as the control-flag while creating the 2 login modules.</li><li>Make sure you map only one user to SPN as defined in #2 of "Setting up the Active Directory Domain Controller".</li></ul>
+<ul><li>Make sure that you use Basic as the authentication mechanism in your web application if you want to configure Spnego with geronimo.</li><li>The realm provided is a combination of 2 login modules which can be easily created through geronimo administrative console.</li><li>While you are creating a security realm for Spnego loginmodule you need to just specify one option that will be of the form "targetName=HTTP/<fully_qualified_host_name>". Have a look at the sample realm. This will give you an idea of the option to be used.</li><li>Make sure you choose sufficient as the control-flag while creating the 2 login modules.</li><li>Make sure you map only one user to SPN as defined in #2 of "Setting up the Active Directory Domain Controller".</li></ul>
</div>
</div>
Modified: websites/production/geronimo/content/cache/GMOxDOC22.pageCache
==============================================================================
Binary files - no diff available.