Hi, Yes, you need to deploy Kerberos jaas config in Karaf either wrap into the bundle or directly into deploy folder.
The configuration should look like this: <?xml version="1.0" encoding="UTF-8"?> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="my-kerberos"> <jaas:module className="com.sun.security.auth.module.Krb5LoginModule" flags="required"> debug = true refreshKrb5Config = true useKeyTab = true storeKey = true keyTab = etc/my.keytab principal = mydomain/myservices.example.com detailed.login.exception = true </jaas:module> </jaas:config> </blueprint> Regards, Andrei. > -----Original Message----- > From: smkheir [mailto:[email protected]] > Sent: Donnerstag, 2. Oktober 2014 03:53 > To: [email protected] > Subject: cxf kerberos + karaf blueprint > > Hi, > I'm trying to use cxf kerberos support in karaf container. all unit test and > standalone apps are working fine based on 3 system properties: > > System.setProperty( "java.security.auth.login.config", > "/apps/krb5/jaas.conf"); > System.setProperty( "java.security.krb5.realm", "MYCOMPANY.COM")); > System.setProperty( "java.security.krb5.kdc", "kdc.mycompany.com"); > > when I set these properties in karaf etc/system.properties (or karaf startup > using -D...) the container is not picking them up and am getting exception as > "No LoginModule found for my-context" ... looks to me a conflict between JAAS > and OSGI (no wonder ...) > > I looked at Karaf examples and there are many jaas login modules for ldap, > jdbc, ... but there is nothing for kerberos. I was wondering if something > like this > is possible: > > <blueprint ...> > > <jaas:config name="MyRealm"> > <jaas:module > className="com.sun.security.auth.module.Krb5LoginModule" > flags="required"> > debug = true > useTicketCache = true > useKeyTab=true > keytab=/apps/krb5/server.keytab > principal=myserver/server1.mycompany.com > </jaas:module> > </jaas:config> > > </blueprint> > > I cannot find any example and was wondering if anyone can help. How can I > pass these three important data (login config, realm and kdc) to wss4j > KerberosTokenValidator? > > Thanks, > Smkheir > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/cxf-kerberos- > karaf-blueprint-tp5749380.html > Sent from the cxf-user mailing list archive at Nabble.com.
