Scribd
Upload
16 views8 pages

TAFJ-Kerberos Setup

Uploaded by

tienmh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views8 pages

TAFJ-Kerberos Setup

Uploaded by

tienmh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Doc u m e n t Hist o r y

Revi si o
Dat e Ame n d e d Na m e De s c r i p t i o n
n
1 29 th June 2022 M.Kum a r Initial version
2 6 th April 2023 M.Kum a r R23 AMR Review

2
TAFJ Kerb e ros S e t u p

Copyri g h t

Copyrig h t © Teme n o s Hea d q u a r t e r s SA 2009- 2023.


All right s rese rv e d.
This docu m e n t cont ain s prop rie t a r y inform a tio n that is prote c t e d by copyrig h t. No part of this docu m e n t may
be repro d u c e d , tra ns m i t t e d , or mad e availa ble direc tly or indirec tly to a third party without the expr e s s
writt e n agre e m e n t of TEMENOS UK Limite d. Receipt of this mate ri al direc tly TEMENO S UK Limite d
constit u t e s its expr e s s per mis sion to copy. Per mis sion to use or copy this docu m e n t expr e s sly exclud e s
modifying it for any purpo s e , or using it to cre a t e a derivative the r ef ro m .

Errat a and Com m e n t s


If you have any com m e n t s reg a r di n g this man u al or wish to repor t any error s in the docu m e n t a t i o n ,
plea s e docu m e n t the m and send the m to the add r e s s below:
Technology Depa r t m e n t
Teme no s Hea d q u a r t e r s SA
2 Rue de l’Ecole- de- Chimie,
CH - 1205 Geneva,
Switze rl a n d

Tel SB: +4 1 (0) 22 708 1150


Fax: +4 1 (0) 22 708 1160

Pleas e includ e your na m e , comp a n y, addr e s s, and telep h o n e and fax num b e r s , and email add r e s s if
applica bl e. TAFJdev@t e m e n o s . c o m

3 Teme no s Application Fra m e w o r k Java – (TAFJ)


Ta b l e o f C o n t e n t s

4
TAFJ Kerb e ros S e t u p
Kerb e r o s Set u p on wind o w s

Crea t e a file called krb 5. c o n f in a direc to ry wher e we want to execu t e the kinit com m a n d for the first
time.
The krb5.co nf will look like below with nece s s a r y det ails of AD configu r a t io n.

include di r /etc/kr b 5 .c o nf. d/


include di r /var/lib/ss s/ p u b c o nf/k r b 5 .i n clu d e . d/

[libdefa ul ts]
# default_r e al m = EXAMPLE.COM
default_r e al m = TEME NO SGRO U P .C O M
dns_looku p_r e a l m = true
ticket_lifetim e = 24h
rene w_lifetim e = 7d
forw a r d a b l e = true
rdns = true
pkinit_a nc h o r s = /etc/pki/tls/c e r t s/ c a- bundle.c r t
# default_cc a c h e_n a m e = KEYRING:pe r s is t e n t : % { ui d }

[logging]
default = FILE:/var/log/k r b 5lib s.log
kdc = FILE:/va r/log/k r b 5 k d c .lo g
admi n_se r v e r = FILE:/var/log/k a d m i n d .lo g

[realm s]
TEMEN O S GRO U P.CO M = {
kdc = TEMEN O SG ROU P.CO M: 8 8
admi n_se r v e r = TEMEN O S GRO U P.CO M
}

[dom ai n_r e a l m]
tem e n o s g r o u p . c o m = TEMEN O S GRO U P.CO M
.tem e n o s g r o u p . c o m = TEMEN O SGRO U P.CO M

Use kinit com m a n d to initiat e a kerb e r o s local cache on windows by gene r a t i n g krbcc 5 file

== = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
== = = = = = = = = =

kinit - followe d by passw o r d , it will gen e r a t e a filena m e "user n a m e _k r b 5 c c " unde r


C:\use r s\ u s e r n a m e \

5 Teme no s Application Fra m e w o r k Java – (TAFJ)


i.e :
C:\Tem e n o s\D e v elo p m e n t \ D EV\TAFJ\bin >ki ni t
Passw o r d for manojku m a r @ TE M E N O S GR O U P .CO M:
New ticket is stor e d in cach e file C:\Use r s\ m a n oj k u m a r \ k r b 5 c c_ m a n oj k u m a r

Use kList com m a n d to view the det ails of above cre a t e d ent ry

C:\Tem e n o s\D e v elo p m e n t \ D EV\TAFJ\bin > k li st

Cred e n t i al s cache: C:\Use r s\ m a n oj k u m a r \ k r b 5 c c_ m a n oj k u m a r

Default princip al: manojku m a r @ TE M E N O S G RO U P .C OM, 1 entry found.

[1] Service Principal: krbt g t/TE M E N O S G RO U P .CO M@TEM E N O S G R OU P.C O M


Valid sta r ti n g: Jun 29, 2022 07:15: 2 0
Expire s: Jun 29, 2022 17:15:2 0
Note : if the token gets expire d, the next time one has to re do the kinit (step 1) to gen e r a t e the new
toke n and push it into local cache .

6
TAFJ Kerb e ros S e t u p
Clas s i c Entry poi n t of TAFJ

The classic entry point of TAFJ requi r e s few code chan g e s which are not incor po r a t e d to suppo r t
Kerbe r o s aut h e n t i c a ti o n.

The following prop e r t y must be mad e true for Kerbe r o s aut h e n t i c a t io n:


te m n . t a f j.jd b c . c o n n e c t i o n . a u t h . p r o p e r t i e s =or a c l e . n e t . a u t h e n t i c a t i o n_s e r vic e s = (K E RB ERO S 5),or a cl e.
net.ke r b e r o s 5_ m u t u a l_a u t h e n t i c a t i o n = t r u e ,
oracle.n e t . k e r b e r o s 5_c c_n a m e = C : / U s e r s / m a n oj k u m a r / k r b 5 c c_ m a n oj k u m a r

Appli c a t i o n Serv e r set u p

For Application serve r, the dat a b a s e conne c tio n is man a g e d by the dat a sourc e definition and the
following conn e c ti o n par a m e t e r s nee d to be adde d part of dat a sourc e definition to make the JDBC driver
know that the mode of aut h e n t i c a t i o n is kerb e r o s and not the nor m al basic use r/ p a s s w o r d aut h e n t i c a t io n.

Exam pl e : below is the jboss data sour c e definition and simila r should be adde d to othe r suppo r t e d
applica tion serve r s and all dat a sourc e definitions (t24DS, t24Lockin gD S, t24RODS).

<s u b s y s t e m xmlns = " u r n :j b o s s: d o m a i n: d a t a s o u r c e s : 5 . 0" >


<d a t a s o u r c e s >
<d a t a s o u r c e jta =" t r u e " jndi- nam e = " j a v a :/jdb c/ t24DS " pool- nam e = " t 2 4 D S " enabl e d = " t r u e " use-
java- cont ext = " t r u e " use- ccm = " t r u e " >
<c o n n e c ti o n- url >j d b c : o r a cl e : t hi n:@ 1 0. 4 2 . 2 2. 5 7: 1 5 2 1 : H W B MS < / c o n n e c t i o n- url >
< c o n n e c t i o n - prop e r t y
na m e = " o r a c l e . n e t . a u t h e n t i c a t i o n _ s e r v i c e s" > ( K E R B E R O S 5 ) < / c o n n e c t i o n - prop e r t y >
< c o n n e c t i o n - prop e r t y
na m e = " o r a c l e . n e t . k e r b e r o s 5 _ m u t u a l _ a u t h e n t i c a t i o n " > t r u e < / c o n n e c t i o n - prop e r t y >
< c o n n e c t i o n - prop e r t y
na m e = " o r a c l e . n e t . k e r b e r o s 5 _ c c _ n a m e " > C : / U s e r s / m a n o j k u m a r / k r b 5 c c _ m a n o j k u m a r < / c o n n e c t i o
n- prop e r t y >
<d rive r > o r a c l e < / d r i v e r >
<pool >
< mi n- pool- size > 5 < / m i n- pool- size >
< m a x- pool- size > 2 2 0 < / m a x- pool- size >
<flush- stra t e g y > F a i li n g C o n n e c t i o n O nly < /fl us h- stra t e g y >
</pool >
</ d a t a s o u r c e >

7 Teme no s Application Fra m e w o r k Java – (TAFJ)


Additi o n a l deb u g g i n g set u p

P.S: for addition al valida tion, the following below prope r t y can be adde d as JVM argu m e n t to see the
det ails for Kerbe r o s aut h e n t i c a t i o n.

<syst e m- prop e r t i e s >


<p r o p e r t y nam e = " file.e n c o di n g" value = " UT F- 8"/ >
<p r o p e r t y nam e = " t a fj.ho m e " value = " C :/T e m e n o s /D ev el op m e n t / D EV/TAFJ"/ >
<p r o p e r t y nam e = " s u n . s e c u r i t y.k r b 5 . d e b u g " value = " t r u e " / >
</sys t e m- prope r t i e s >

You might also like