What is a keytab, and how do I use one?
Introduction to Kerberos for Managers
Crash Course to Kerberos
Appendix D. Troubleshooting
JAAS authentication with Kerberos
http://www.roguelynn.com/words/explain-like-im-5-kerberos/

KDC = Kerberos Key Distribution Center
TGT = Ticket Granting Ticket
TGS = Ticket Granting Server

For the configuration below (just a copy from the Spring Security reference):
<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="kerberosAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="kerberosAuthenticationProvider"
      class="org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider">
    <property name="kerberosClient">
        <bean class="org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient">
            <property name="debug" value="true"/>
        </bean>
    </property>
    <property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>

<bean class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
    <property name="debug" value="true"/>
    <property name="krbConfLocation" value="/path/to/krb5.ini"/>
</bean>

<bean id="dummyUserDetailsService"
      class="org.springframework.security.kerberos.docs.DummyUserDetailsService"/>
The file /path/to/krb5.ini can be an exact copy of /etc/krb5.conf from the KDC machine. Make sure the KDC host names that krb5.ini lists for its default_realm resolve and are reachable from the machine running the application.
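One way to check this before starting the application, as an added example that is not part of the original page or of Spring Security Kerberos: the script reads a krb5.ini, finds the kdc entries of the default_realm, and reports the ones whose host name does not resolve. The realm EXAMPLE.ORG, the host names and the function names are constructed for illustration; only `host` and `host:port` kdc values are handled, and only name resolution is tested, not whether the KDC port answers.

```python
import socket

# Constructed sample krb5.ini, not taken from the page.
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = EXAMPLE.ORG

[realms]
    EXAMPLE.ORG = {
        kdc = kdc1.example.org:88
        kdc = kdc2.example.org
    }
"""

def parse_kdcs(text):
    """Return (default_realm, [(host, port), ...]) for the default realm."""
    section, realm, default_realm, kdcs = None, None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None     # new top-level section
        elif line == "}":
            realm = None                          # end of a realm block
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                realm = key                       # start of a realm block
            elif section == "realms" and realm and key == "kdc":
                host, _, port = value.partition(":")
                kdcs.setdefault(realm, []).append((host, int(port or 88)))
    return default_realm, kdcs.get(default_realm, [])

def unresolvable_kdcs(text, resolve=socket.getaddrinfo):
    """List default-realm KDC hosts whose name does not resolve."""
    realm, kdcs = parse_kdcs(text)
    if not realm or not kdcs:
        raise ValueError("no default_realm, or no kdc entries for it")
    bad = []
    for host, port in kdcs:
        try:
            resolve(host, port)
        except OSError:                           # socket.gaierror is an OSError
            bad.append(host)
    return bad
```

Run `unresolvable_kdcs(open("/path/to/krb5.ini").read())` on the application host; an empty list means every KDC name for the default realm resolved there.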