Spring Security with Kerberos

What is a keytab, and how do I use one?
Introduction to Kerberos for Managers
Crash Course to Kerberos
Appendix D. Troubleshooting
JAAS authentication with Kerberos
http://www.roguelynn.com/words/explain-like-im-5-kerberos/
KDC = Kerberos Key Distribution Center
TGT = Ticket Granting Ticket
TGS = Ticket Granting Server

For the configuration below (copied from the Spring Security reference):
<sec:authentication-manager alias="authenticationManager">
	<sec:authentication-provider ref="kerberosAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="kerberosAuthenticationProvider"
	class="org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider">
	<property name="kerberosClient">
		<bean class="org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient">
			<property name="debug" value="true"/>
		</bean>
	</property>
	<property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>

<bean
	class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
	<property name="debug" value="true" />
	<property name="krbConfLocation" value="/path/to/krb5.ini"/>
</bean>

<bean id="dummyUserDetailsService"
	class="org.springframework.security.kerberos.docs.DummyUserDetailsService" />
The file /path/to/krb5.ini can be an exact copy of /etc/krb5.conf from the KDC machine. Make sure the host names that krb5.ini uses for its default_realm can be resolved and reached from the machine running the application.
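A pre-flight check for that last point, as an added example (not part of the Spring Security reference): it reads the default realm's kdc entries from krb5.ini and reports any host the application machine cannot resolve or connect to. The function names and the sample file are made up for this example, and it assumes the multi-line "REALM = { ... }" layout and a KDC that accepts TCP connections.

```python
import re
import socket

# Constructed sample; the realm and host names are made up for this example.
SAMPLE_KRB5 = """
[libdefaults]
    default_realm = EXAMPLE.ORG
[realms]
    EXAMPLE.ORG = {
        kdc = kdc1.example.org:88
        kdc = kdc2.example.org
        admin_server = kdc1.example.org:749
    }
    OTHER.TEST = {
        kdc = kdc.other.test
    }
"""

def kdc_endpoints(krb5_text):
    """Return (default_realm, [(host, port), ...]) from the default realm's kdc lines."""
    section, realm, default_realm, by_realm = None, None, None, {}
    for raw in krb5_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif line == "}":
            realm = None  # end of one realm's block
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                realm = key  # start of a "REALM = {" block
            elif section == "realms" and realm and key == "kdc":
                host, _, port = value.partition(":")  # port is optional, 88 by default
                by_realm.setdefault(realm, []).append((host, int(port or 88)))
    return default_realm, by_realm.get(default_realm, [])

def unreachable(endpoints, connect=socket.create_connection, timeout=3):
    """List endpoints that fail DNS or a TCP connect (assumes the KDC listens on TCP)."""
    failed = []
    for host, port in endpoints:
        try:
            connect((host, port), timeout).close()
        except OSError as exc:  # covers socket.gaierror (DNS) and timeouts
            failed.append((host, port, str(exc)))
    return failed
```

Run it on the application host against the same file that krbConfLocation points to, for example `unreachable(kdc_endpoints(open("/path/to/krb5.ini").read())[1])`; an empty list means every KDC listed for the default realm answered.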
