com.ibm.security.auth.module
Class Krb5LoginModule
- java.lang.Object
  - com.ibm.security.auth.module.Krb5LoginModule
- All Implemented Interfaces: javax.security.auth.spi.LoginModule
public class Krb5LoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule
A JAAS LoginModule for acquiring Kerberos credentials.

Supported options (specified in a JAAS configuration file):

1) Kerberos options:
    principal=principalName
    credsType=initiator|acceptor|both (default=initiator)
    forwardable=true|false (default=false)
    proxiable=true|false (default=false)
    renewable=true|false (default=false)
    useCcache=URL
    useKeytab=URL
    useDefaultCcache=true|false (default=false)
    useDefaultKeytab=true|false (default=false)

2) JAAS-suggested options:
    debug=true|false (default=unset, JGSS debug options used)
    tryFirstPass=true|false (default=false)
    useFirstPass=true|false (default=false)
    moduleBanner=true|false (default=false)

NOTES:

1) The default realm (which is obtained from the Kerberos config file) is used if the principal specified does not include a realm component.
2) debug option:
    true is equivalent to com.ibm.jgss.debug=all
    false is equivalent to com.ibm.jgss.debug=off
   The debug option affects debug output from the Login module only; other subcomponents of JGSS are not affected.
3) Boolean options can be set to "true" or "yes", "false" or "no".
4) The keytab and ccache options take precedence over tryFirstPass. If a keytab or ccache option is set in addition to tryFirstPass, the keytab or ccache is used and the principal is saved in the shared state if login is successful. There will be no prompting for a password if the login fails.
5) The keytab and ccache options are incompatible with the useFirstPass option; specifying useFirstPass in conjunction with either a keytab or ccache option will cause an exception to be thrown.
6) From the Java 1.4 JAAS guide:
    try_first_pass - If true, the first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. If authentication fails, the LoginModules prompt for a new password and retry the authentication.
    use_first_pass - If true, the first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. LoginModules do not prompt for a new password if authentication fails (authentication simply fails).
    moduleBanner - If true, then when invoking the CallbackHandler, the LoginModule provides a TextOutputCallback as the first Callback, which describes the LoginModule performing the authentication.
    debug - If true, instructs a LoginModule to output debugging information.
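The rules in notes 2 to 5 can be checked before a configuration is deployed. The following is an added example, not IBM's code: a Java lint over one module's option map that reports the useFirstPass conflict, the tryFirstPass override, and an enabled debug option. The class name Krb5OptionLint, the sample principal and keytab URL, and exact-case matching of boolean values are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class Krb5OptionLint {   // hypothetical class name
    static final String MODULE = "com.ibm.security.auth.module.Krb5LoginModule";

    // Note 3: booleans are "true"/"yes" or "false"/"no"; exact-case matching is an assumption.
    static boolean flag(Map<String, String> o, String key) {
        String v = o.get(key);
        if (v == null || v.equals("false") || v.equals("no")) return false;
        if (v.equals("true") || v.equals("yes")) return true;
        throw new IllegalArgumentException(key + "=" + v + " is not true|yes|false|no");
    }

    // Returns findings; no ERROR entry means the options pass the documented rules.
    static List<String> lint(Map<String, String> o) {
        List<String> out = new ArrayList<>();
        boolean stored = o.containsKey("useKeytab") || o.containsKey("useCcache")
                || flag(o, "useDefaultKeytab") || flag(o, "useDefaultCcache");
        if (stored && flag(o, "useFirstPass"))
            out.add("ERROR: useFirstPass with a keytab/ccache option throws an exception (note 5)");
        if (stored && flag(o, "tryFirstPass"))
            out.add("WARN: keytab/ccache overrides tryFirstPass; no password prompt on failure (note 4)");
        String creds = o.getOrDefault("credsType", "initiator");
        if (!creds.equals("initiator") && !creds.equals("acceptor") && !creds.equals("both"))
            out.add("ERROR: credsType must be initiator|acceptor|both");
        if (flag(o, "debug"))
            out.add("WARN: debug=true is equivalent to com.ibm.jgss.debug=all for the login module (note 2)");
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> o = new LinkedHashMap<>();      // constructed sample options
        o.put("principal", "svc/host.example.com");         // hypothetical; default realm applies (note 1)
        o.put("credsType", "acceptor");
        o.put("useKeytab", "file:///etc/krb5/svc.keytab");  // hypothetical keytab URL
        o.put("useFirstPass", "yes");
        List<String> findings = lint(o);
        findings.forEach(System.out::println);
        if (findings.stream().noneMatch(f -> f.startsWith("ERROR"))) {
            // Build the JAAS entry only once the options pass the lint.
            AppConfigurationEntry e = new AppConfigurationEntry(MODULE, LoginModuleControlFlag.REQUIRED, o);
            System.out.println("OK: " + e.getLoginModuleName());
        }
    }
}
```

With the constructed options above, the lint reports the note 5 error and the entry is not built; removing useFirstPass lets it through.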

Constructor Summary
Constructor and Description
- Krb5LoginModule()

Method Summary
Modifier and Type, Method and Description
- boolean abort()
  Abort the login
- boolean commit()
  commit the login for user
- void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
- boolean login()
  login
- boolean logout()
  Logout the user.

Method Detail

initialize
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
- Specified by: initialize in interface javax.security.auth.spi.LoginModule
- Parameters:
  subject -
  callbackHandler -
  sharedState -
  options -

login
public boolean login() throws javax.security.auth.login.LoginException
login
- Specified by: login in interface javax.security.auth.spi.LoginModule
- Returns: true if login is successful
- Throws:
  LoginException!
  javax.security.auth.login.LoginException

commit
public boolean commit() throws javax.security.auth.login.LoginException
commit the login for user
- Specified by: commit in interface javax.security.auth.spi.LoginModule
- Returns: true if commit is successful
- Throws: javax.security.auth.login.LoginException

abort
public boolean abort() throws javax.security.auth.login.LoginException
Abort the login
- Specified by: abort in interface javax.security.auth.spi.LoginModule
- Returns: true if abort is successful
- Throws:
  LoginException.
  javax.security.auth.login.LoginException

logout
public boolean logout() throws javax.security.auth.login.LoginException
Logout the user. This method removes the Principal that was added by the commit method.
- Specified by: logout in interface javax.security.auth.spi.LoginModule
- Returns: true in all cases since this LoginModule should not be ignored.
- Throws: javax.security.auth.login.LoginException - if the logout fails.