Kerberos Setup Instructions

Introduction

Beginning in version 1.4.1, the Java™ 2 SDK, Standard Edition provides three client-side Kerberos tools, kinit, klist, and ktab, in its Windows and Linux distributions. This document explains how to use these tools to obtain Kerberos Ticket Granting Tickets (TGTs) and keytabs on those platforms. If you are running on the Solaris™ Operating System (Solaris OS), then in addition to using the Solaris OS version of the kinit utility to obtain and cache Kerberos ticket-granting tickets, you should also use the Solaris OS-specific Kerberos database administration program, kadmin (for details, type man kadmin).

Create keytab files

Create a keytab file, if it does not exist already, and add entries using:
ktab -a <principal_name> <password> -k <keytab_name>
For example, to create a keytab file named krb-servers.keytab in the config directory, containing three entries whose principal names are server, phoenix, and reggie and whose passwords are serverpw, phoenixpw, and reggiepw respectively, you would use the following:
ktab -a server serverpw -k config/krb-servers.keytab
ktab -a phoenix phoenixpw -k config/krb-servers.keytab
ktab -a reggie reggiepw -k config/krb-servers.keytab
To check what entries are in a keytab file, use:
ktab -l -k <keytab_name>
To create keytabs when running on Solaris OS, use the ktadd command provided by the kadmin utility (for details, type man kadmin).

Create TGT cache

kinit can be used to obtain and cache Kerberos TGTs. Here are links to the documentation of this command on various platforms ([Linux] [Windows] [Solaris OS]).

Kerberos Login module documentation

The Java Authentication and Authorization Service (JAAS) login module for Kerberos is Krb5LoginModule. To find out what options it supports and how to set up its configuration file, see the Krb5LoginModule documentation.