geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Reduced ATS Kerberos configuration requirements.

Browse Source
This commit is contained in:
Juan Carlos Luciani
2006-09-21 21:44:51 +00:00
parent 466357aa0e
commit 45be099b8c
3 changed files with 29 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
View File

@@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com
- Reduced Kerberos configuration requirements. Now the ATS service
principal name defaults to "host" and there is no need to set the
"javax.security.auth.useSubjectCredsOnly" system property to "false"
in the JAVA_OPTS.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com

16
CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java
View File

@@ -44,6 +44,10 @@ public class AuthMechConfig
public final static String ClassName = "ClassName"; public final static String ClassName = "ClassName";
public final static String RelativeClassPath = "RelativeClassPath"; public final static String RelativeClassPath = "RelativeClassPath";
public final static String ClassPath = "ClassPath"; public final static String ClassPath = "ClassPath";
public final static String Krb5ServicePrincipalName = "ServicePrincipalName";
// Default configuration values
private String m_defaultKrb5ServicePrincipalNameValue = "host";
private Map m_mechSettingsMap; private Map m_mechSettingsMap;
@@ -245,7 +249,19 @@ public class AuthMechConfig
String value = (String) m_mechSettingsMap.get(settingName); String value = (String) m_mechSettingsMap.get(settingName);
if (value == null) if (value == null)
{ {
System.err.println("AuthMechConfig.getSetting()- Did not find setting " + settingName); System.err.println("AuthMechConfig.getSetting()- Did not find setting " + settingName);
// The setting is not in our map, check if it is one to
// which we have defaults.
if (settingName.equals(Krb5ServicePrincipalName) == true)
{
value = m_defaultKrb5ServicePrincipalNameValue;
System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value);
// Add the key to the map so that it can be found quicker next time
m_mechSettingsMap.put(Krb5ServicePrincipalName, m_defaultKrb5ServicePrincipalNameValue);
}
} }
else else
{ {

8
CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
View File

@@ -60,8 +60,6 @@ import org.bandit.ia.IAContext;
*/ */
public class Krb5Authenticate implements AuthMechanism, Serializable public class Krb5Authenticate implements AuthMechanism, Serializable
{ {
private static final String ServicePrincipalNameSetting = "ServicePrincipalName";
private SvcConfig m_svcConfig; private SvcConfig m_svcConfig;
private AuthMechConfig m_mechConfig; private AuthMechConfig m_mechConfig;
@@ -138,11 +136,15 @@ public class Krb5Authenticate implements AuthMechanism, Serializable
m_svcConfig = svcConfig; m_svcConfig = svcConfig;
m_mechConfig = mechConfig; m_mechConfig = mechConfig;
String servicePrincipal = mechConfig.getSetting(ServicePrincipalNameSetting); String servicePrincipal = mechConfig.getSetting(AuthMechConfig.Krb5ServicePrincipalName);
if (servicePrincipal != null) if (servicePrincipal != null)
{ {
try try
{ {
// Make sure that the system property "javax.security.auth.useSubjectCredsOnly"
// is set to "false" to avoid having to utilize JAAS (at least if using IBM's JVM)
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
// Initalize our GSS variables // Initalize our GSS variables
// //
// Get an instance of the default GSSManager // Get an instance of the default GSSManager