In Geronimo, you can create your own custom realm type when none of the provided ones fits your environment. This requires creating your own implementation of an org.apache.geronimo.security.realm.providers class, which implements the javax.security.auth.spi.LoginModule interface to acquire credentials, and then using the customized realm by choosing the Other realm type from the console.

Kerberos realm

Starting from Geronimo 2.2.1, the Kerberos realm is supported through a wrapper class named org.apache.geronimo.security.realm.providers.KerberosLoginModule, which leverages the Kerberos protocol implementation of the underlying Java platform.

To create a new security realm, click Add new security realm in the Security Realms portlet. On the next page, enter Kerberoes_security_realm in the Name of Security Realm: field and select Other from the Realm type: dropdown box. Then click Next and fill in the following parameters:

  • The value of Login Module Class should be org.apache.geronimo.security.realm.providers.KerberosLoginModule
  • The value of Configuration options for IBM Java platform should be:

    addOnPrincipalName=admin
    addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
    krb_debug=true
    krb5LoginModuleClass=com.ibm.security.auth.module.Krb5LoginModule

  • Leave the other values as default.

If you are using the Sun Java platform, the value of Configuration Options for the Kerberos realm should be:

addOnPrincipalName=admin
addOnPrincipalClass=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
krb_debug=true
krb5LoginModuleClass=com.sun.security.auth.module.Krb5LoginModule
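
An added example, not Geronimo's source or code from this page: a minimal Java sketch of a wrapper login module of the kind the options above configure. It assumes that krb5LoginModuleClass names the platform module to delegate to and that addOnPrincipalClass and addOnPrincipalName describe a principal added to the subject after a successful login; the class name DelegatingKrb5LoginModule is hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical wrapper for illustration; not Geronimo's KerberosLoginModule source.
public class DelegatingKrb5LoginModule implements LoginModule {
    private LoginModule delegate; // platform Krb5LoginModule named in the options
    private Subject subject;
    private Principal addOn;      // extra principal attached after a successful login

    // Fail early with a clear message when a required option is absent.
    private static String required(Map<String, ?> options, String key) {
        Object v = options.get(key);
        if (!(v instanceof String) || ((String) v).isEmpty())
            throw new IllegalArgumentException("Missing login module option: " + key);
        return (String) v;
    }

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        try {
            // Assumption: option names mirror the ones listed on this page.
            delegate = (LoginModule) Class.forName(required(options, "krb5LoginModuleClass"))
                    .getDeclaredConstructor().newInstance();
            // Assumption: the principal class has a public (String name) constructor.
            addOn = (Principal) Class.forName(required(options, "addOnPrincipalClass"))
                    .getConstructor(String.class)
                    .newInstance(required(options, "addOnPrincipalName"));
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("Cannot load configured class", e);
        }
        // Options are handed to the delegate unchanged in this sketch.
        delegate.initialize(subject, handler, sharedState, options);
    }
    public boolean login() throws LoginException { return delegate.login(); }
    public boolean commit() throws LoginException {
        boolean ok = delegate.commit();
        if (ok) subject.getPrincipals().add(addOn); // only once Kerberos login succeeded
        return ok;
    }
    public boolean abort() throws LoginException { return delegate.abort(); }
    public boolean logout() throws LoginException {
        subject.getPrincipals().remove(addOn);
        return delegate.logout();
    }
}
```

Under these assumptions, every user who authenticates through Kerberos receives the add-on principal, so addOnPrincipalName=admin places all of them in the admin group; confirm that this matches the intended authorization before deploying the realm.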
