87 * be set using the system property {@systemProperty sun.security.krb5.principal}.
88 * This property is checked during login. If this property is not set, then
89 * the principal name from the configuration is used. In the
90 * case where the principal property is not set and the principal
91 * entry also does not exist, the user is prompted for the name.
92 * When this property of entry is set, and {@code useTicketCache}
93 * is set to true, only TGT belonging to this principal is used.
94 *
95 * <p> The following is a list of configuration options supported
96 * for {@code Krb5LoginModule}:
97 * <blockquote><dl>
98 * <dt>{@code refreshKrb5Config}:</dt>
99 * <dd> Set this to true, if you want the configuration
100 * to be refreshed before the {@code login} method is called.</dd>
101 * <dt>{@code useTicketCache}:</dt>
102 * <dd>Set this to true, if you want the
103 * TGT to be obtained from the ticket cache. Set this option
104 * to false if you do not want this module to use the ticket cache.
105 * (Default is False).
106 * This module will search for the ticket
107 * cache in the following locations: On Solaris and Linux
108 * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
109 * where the uid is numeric user identifier. If the ticket cache is
110 * not available in the above location, or if we are on a
111 * Windows platform, it will look for the cache as
112 * {user.home}{file.separator}krb5cc_{user.name}.
113 * You can override the ticket cache location by using
114 * {@code ticketCache}.
115 * For Windows, if a ticket cannot be retrieved from the file ticket cache,
116 * it will use Local Security Authority (LSA) API to get the TGT.
117 * <dt>{@code ticketCache}:</dt>
118 * <dd>Set this to the name of the ticket
119 * cache that contains user's TGT.
120 * If this is set, {@code useTicketCache}
121 * must also be set to true; Otherwise a configuration error will
122 * be returned.</dd>
123 * <dt>{@code renewTGT}:</dt>
124 * <dd>Set this to true, if you want to renew the TGT when it's more than
125 * half-way expired (the time until expiration is less than the time
126 * since start time). If this is set, {@code useTicketCache} must also be
127 * set to true; otherwise a configuration error will be returned.</dd>
|
87 * be set using the system property {@systemProperty sun.security.krb5.principal}.
88 * This property is checked during login. If this property is not set, then
89 * the principal name from the configuration is used. In the
90 * case where the principal property is not set and the principal
91 * entry also does not exist, the user is prompted for the name.
92 * When this property of entry is set, and {@code useTicketCache}
93 * is set to true, only TGT belonging to this principal is used.
94 *
95 * <p> The following is a list of configuration options supported
96 * for {@code Krb5LoginModule}:
97 * <blockquote><dl>
98 * <dt>{@code refreshKrb5Config}:</dt>
99 * <dd> Set this to true, if you want the configuration
100 * to be refreshed before the {@code login} method is called.</dd>
101 * <dt>{@code useTicketCache}:</dt>
102 * <dd>Set this to true, if you want the
103 * TGT to be obtained from the ticket cache. Set this option
104 * to false if you do not want this module to use the ticket cache.
105 * (Default is False).
106 * This module will search for the ticket
107 * cache in the following locations: On Linux
108 * it will look for the ticket cache in /tmp/krb5cc_{@code uid}
109 * where the uid is numeric user identifier. If the ticket cache is
110 * not available in the above location, or if we are on a
111 * Windows platform, it will look for the cache as
112 * {user.home}{file.separator}krb5cc_{user.name}.
113 * You can override the ticket cache location by using
114 * {@code ticketCache}.
115 * For Windows, if a ticket cannot be retrieved from the file ticket cache,
116 * it will use Local Security Authority (LSA) API to get the TGT.
117 * <dt>{@code ticketCache}:</dt>
118 * <dd>Set this to the name of the ticket
119 * cache that contains user's TGT.
120 * If this is set, {@code useTicketCache}
121 * must also be set to true; Otherwise a configuration error will
122 * be returned.</dd>
123 * <dt>{@code renewTGT}:</dt>
124 * <dd>Set this to true, if you want to renew the TGT when it's more than
125 * half-way expired (the time until expiration is less than the time
126 * since start time). If this is set, {@code useTicketCache} must also be
127 * set to true; otherwise a configuration error will be returned.</dd>
|