< prev index next >

src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java

Print this page 
rev 59383 : [mq]: final
   1 /*
   2  * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  87  * be set using the system property {@systemProperty sun.security.krb5.principal}.
  88  * This property is checked during login. If this property is not set, then
  89  * the principal name from the configuration is used. In the
  90  * case where the principal property is not set and the principal
  91  * entry also does not exist, the user is prompted for the name.
  92  * When this property of entry is set, and {@code useTicketCache}
  93  * is set to true, only TGT belonging to this principal is used.
  94  *
  95  * <p> The following is a list of configuration options supported
  96  * for {@code Krb5LoginModule}:
  97  * <blockquote><dl>
  98  * <dt>{@code refreshKrb5Config}:</dt>
  99  * <dd> Set this to true, if you want the configuration
 100  * to be refreshed before the {@code login} method is called.</dd>
 101  * <dt>{@code useTicketCache}:</dt>
 102  * <dd>Set this to true, if you want the
 103  * TGT to be obtained from the ticket cache. Set this option
 104  * to false if you do not want this module to use the ticket cache.
 105  * (Default is False).
 106  * This module will search for the ticket
 107  * cache in the following locations: On Solaris and Linux
 108  * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
 109  * where the uid is numeric user identifier. If the ticket cache is
 110  * not available in the above location, or if we are on a
 111  * Windows platform, it will look for the cache as
 112  * {user.home}{file.separator}krb5cc_{user.name}.
 113  * You can override the ticket cache location by using
 114  * {@code ticketCache}.
 115  * For Windows, if a ticket cannot be retrieved from the file ticket cache,
 116  * it will use Local Security Authority (LSA) API to get the TGT.
 117  * <dt>{@code ticketCache}:</dt>
 118  * <dd>Set this to the name of the ticket
 119  * cache that  contains user's TGT.
 120  * If this is set,  {@code useTicketCache}
 121  * must also be set to true; Otherwise a configuration error will
 122  * be returned.</dd>
 123  * <dt>{@code renewTGT}:</dt>
 124  * <dd>Set this to true, if you want to renew the TGT when it's more than
 125  * half-way expired (the time until expiration is less than the time
 126  * since start time). If this is set, {@code useTicketCache} must also be
 127  * set to true; otherwise a configuration error will be returned.</dd>


   1 /*
   2  * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  87  * be set using the system property {@systemProperty sun.security.krb5.principal}.
  88  * This property is checked during login. If this property is not set, then
  89  * the principal name from the configuration is used. In the
  90  * case where the principal property is not set and the principal
  91  * entry also does not exist, the user is prompted for the name.
  92  * When this property of entry is set, and {@code useTicketCache}
  93  * is set to true, only TGT belonging to this principal is used.
  94  *
  95  * <p> The following is a list of configuration options supported
  96  * for {@code Krb5LoginModule}:
  97  * <blockquote><dl>
  98  * <dt>{@code refreshKrb5Config}:</dt>
  99  * <dd> Set this to true, if you want the configuration
 100  * to be refreshed before the {@code login} method is called.</dd>
 101  * <dt>{@code useTicketCache}:</dt>
 102  * <dd>Set this to true, if you want the
 103  * TGT to be obtained from the ticket cache. Set this option
 104  * to false if you do not want this module to use the ticket cache.
 105  * (Default is False).
 106  * This module will search for the ticket
 107  * cache in the following locations: On Linux
 108  * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
 109  * where the uid is numeric user identifier. If the ticket cache is
 110  * not available in the above location, or if we are on a
 111  * Windows platform, it will look for the cache as
 112  * {user.home}{file.separator}krb5cc_{user.name}.
 113  * You can override the ticket cache location by using
 114  * {@code ticketCache}.
 115  * For Windows, if a ticket cannot be retrieved from the file ticket cache,
 116  * it will use Local Security Authority (LSA) API to get the TGT.
 117  * <dt>{@code ticketCache}:</dt>
 118  * <dd>Set this to the name of the ticket
 119  * cache that  contains user's TGT.
 120  * If this is set,  {@code useTicketCache}
 121  * must also be set to true; Otherwise a configuration error will
 122  * be returned.</dd>
 123  * <dt>{@code renewTGT}:</dt>
 124  * <dd>Set this to true, if you want to renew the TGT when it's more than
 125  * half-way expired (the time until expiration is less than the time
 126  * since start time). If this is set, {@code useTicketCache} must also be
 127  * set to true; otherwise a configuration error will be returned.</dd>
< prev index next >