1 /*
2 * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
87 * be set using the system property {@systemProperty sun.security.krb5.principal}.
88 * This property is checked during login. If this property is not set, then
89 * the principal name from the configuration is used. In the
90 * case where the principal property is not set and the principal
91 * entry also does not exist, the user is prompted for the name.
92 * When this property of entry is set, and {@code useTicketCache}
93 * is set to true, only TGT belonging to this principal is used.
94 *
95 * <p> The following is a list of configuration options supported
96 * for {@code Krb5LoginModule}:
97 * <blockquote><dl>
98 * <dt>{@code refreshKrb5Config}:</dt>
99 * <dd> Set this to true, if you want the configuration
100 * to be refreshed before the {@code login} method is called.</dd>
101 * <dt>{@code useTicketCache}:</dt>
102 * <dd>Set this to true, if you want the
103 * TGT to be obtained from the ticket cache. Set this option
104 * to false if you do not want this module to use the ticket cache.
105 * (Default is False).
106 * This module will search for the ticket
107 * cache in the following locations: On Solaris and Linux
108 * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
109 * where the uid is numeric user identifier. If the ticket cache is
110 * not available in the above location, or if we are on a
111 * Windows platform, it will look for the cache as
112 * {user.home}{file.separator}krb5cc_{user.name}.
113 * You can override the ticket cache location by using
114 * {@code ticketCache}.
115 * For Windows, if a ticket cannot be retrieved from the file ticket cache,
116 * it will use Local Security Authority (LSA) API to get the TGT.
117 * <dt>{@code ticketCache}:</dt>
118 * <dd>Set this to the name of the ticket
119 * cache that contains user's TGT.
120 * If this is set, {@code useTicketCache}
121 * must also be set to true; Otherwise a configuration error will
122 * be returned.</dd>
123 * <dt>{@code renewTGT}:</dt>
124 * <dd>Set this to true, if you want to renew the TGT when it's more than
125 * half-way expired (the time until expiration is less than the time
126 * since start time). If this is set, {@code useTicketCache} must also be
127 * set to true; otherwise a configuration error will be returned.</dd>
|
1 /*
2 * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
87 * be set using the system property {@systemProperty sun.security.krb5.principal}.
88 * This property is checked during login. If this property is not set, then
89 * the principal name from the configuration is used. In the
90 * case where the principal property is not set and the principal
91 * entry also does not exist, the user is prompted for the name.
92 * When this property of entry is set, and {@code useTicketCache}
93 * is set to true, only TGT belonging to this principal is used.
94 *
95 * <p> The following is a list of configuration options supported
96 * for {@code Krb5LoginModule}:
97 * <blockquote><dl>
98 * <dt>{@code refreshKrb5Config}:</dt>
99 * <dd> Set this to true, if you want the configuration
100 * to be refreshed before the {@code login} method is called.</dd>
101 * <dt>{@code useTicketCache}:</dt>
102 * <dd>Set this to true, if you want the
103 * TGT to be obtained from the ticket cache. Set this option
104 * to false if you do not want this module to use the ticket cache.
105 * (Default is False).
106 * This module will search for the ticket
107 * cache in the following locations: On Linux
108 * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
109 * where the uid is numeric user identifier. If the ticket cache is
110 * not available in the above location, or if we are on a
111 * Windows platform, it will look for the cache as
112 * {user.home}{file.separator}krb5cc_{user.name}.
113 * You can override the ticket cache location by using
114 * {@code ticketCache}.
115 * For Windows, if a ticket cannot be retrieved from the file ticket cache,
116 * it will use Local Security Authority (LSA) API to get the TGT.
117 * <dt>{@code ticketCache}:</dt>
118 * <dd>Set this to the name of the ticket
119 * cache that contains user's TGT.
120 * If this is set, {@code useTicketCache}
121 * must also be set to true; Otherwise a configuration error will
122 * be returned.</dd>
123 * <dt>{@code renewTGT}:</dt>
124 * <dd>Set this to true, if you want to renew the TGT when it's more than
125 * half-way expired (the time until expiration is less than the time
126 * since start time). If this is set, {@code useTicketCache} must also be
127 * set to true; otherwise a configuration error will be returned.</dd>
|
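
Review bot: At new line 107, with "Solaris and" dropped, the sentence names only Linux for the /tmp/krb5cc_{@code uid} lookup and only Windows for the {user.home}{file.separator}krb5cc_{user.name} lookup, so the javadoc no longer tells a reader which search order applies on any other platform. Consider stating the rule by behaviour rather than by OS name, or adding a sentence that says what other platforms do, so the documented cache location matches what the module actually reads. Since this block is being edited anyway, two nits in the unchanged context could be fixed in the same change: line 92 reads "When this property of entry is set", which looks like a typo for "property or entry", and the <dd> opened at line 102 for {@code useTicketCache} is not closed before the <dt> at line 117, unlike the other entries in the list.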