< prev index next >

src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java

Print this page 
rev 59107 : imported patch security


  87  * be set using the system property {@systemProperty sun.security.krb5.principal}.
  88  * This property is checked during login. If this property is not set, then
  89  * the principal name from the configuration is used. In the
  90  * case where the principal property is not set and the principal
  91  * entry also does not exist, the user is prompted for the name.
  92  * When this property of entry is set, and {@code useTicketCache}
  93  * is set to true, only TGT belonging to this principal is used.
  94  *
  95  * <p> The following is a list of configuration options supported
  96  * for {@code Krb5LoginModule}:
  97  * <blockquote><dl>
  98  * <dt>{@code refreshKrb5Config}:</dt>
  99  * <dd> Set this to true, if you want the configuration
 100  * to be refreshed before the {@code login} method is called.</dd>
 101  * <dt>{@code useTicketCache}:</dt>
 102  * <dd>Set this to true, if you want the
 103  * TGT to be obtained from the ticket cache. Set this option
 104  * to false if you do not want this module to use the ticket cache.
 105  * (Default is False).
 106  * This module will search for the ticket
 107  * cache in the following locations: On Solaris and Linux
 108  * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
 109  * where the uid is numeric user identifier. If the ticket cache is
 110  * not available in the above location, or if we are on a
 111  * Windows platform, it will look for the cache as
 112  * {user.home}{file.separator}krb5cc_{user.name}.
 113  * You can override the ticket cache location by using
 114  * {@code ticketCache}.
 115  * For Windows, if a ticket cannot be retrieved from the file ticket cache,
 116  * it will use Local Security Authority (LSA) API to get the TGT.
 117  * <dt>{@code ticketCache}:</dt>
 118  * <dd>Set this to the name of the ticket
 119  * cache that  contains user's TGT.
 120  * If this is set,  {@code useTicketCache}
 121  * must also be set to true; Otherwise a configuration error will
 122  * be returned.</dd>
 123  * <dt>{@code renewTGT}:</dt>
 124  * <dd>Set this to true, if you want to renew the TGT when it's more than
 125  * half-way expired (the time until expiration is less than the time
 126  * since start time). If this is set, {@code useTicketCache} must also be
 127  * set to true; otherwise a configuration error will be returned.</dd>




  87  * be set using the system property {@systemProperty sun.security.krb5.principal}.
  88  * This property is checked during login. If this property is not set, then
  89  * the principal name from the configuration is used. In the
  90  * case where the principal property is not set and the principal
  91  * entry also does not exist, the user is prompted for the name.
  92  * When this property of entry is set, and {@code useTicketCache}
  93  * is set to true, only TGT belonging to this principal is used.
  94  *
  95  * <p> The following is a list of configuration options supported
  96  * for {@code Krb5LoginModule}:
  97  * <blockquote><dl>
  98  * <dt>{@code refreshKrb5Config}:</dt>
  99  * <dd> Set this to true, if you want the configuration
 100  * to be refreshed before the {@code login} method is called.</dd>
 101  * <dt>{@code useTicketCache}:</dt>
 102  * <dd>Set this to true, if you want the
 103  * TGT to be obtained from the ticket cache. Set this option
 104  * to false if you do not want this module to use the ticket cache.
 105  * (Default is False).
 106  * This module will search for the ticket
 107  * cache in the following locations: On Linux
 108  * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
 109  * where the uid is numeric user identifier. If the ticket cache is
 110  * not available in the above location, or if we are on a
 111  * Windows platform, it will look for the cache as
 112  * {user.home}{file.separator}krb5cc_{user.name}.
 113  * You can override the ticket cache location by using
 114  * {@code ticketCache}.
 115  * For Windows, if a ticket cannot be retrieved from the file ticket cache,
 116  * it will use Local Security Authority (LSA) API to get the TGT.
 117  * <dt>{@code ticketCache}:</dt>
 118  * <dd>Set this to the name of the ticket
 119  * cache that  contains user's TGT.
 120  * If this is set,  {@code useTicketCache}
 121  * must also be set to true; Otherwise a configuration error will
 122  * be returned.</dd>
 123  * <dt>{@code renewTGT}:</dt>
 124  * <dd>Set this to true, if you want to renew the TGT when it's more than
 125  * half-way expired (the time until expiration is less than the time
 126  * since start time). If this is set, {@code useTicketCache} must also be
 127  * set to true; otherwise a configuration error will be returned.</dd>
< prev index next >