Where to put krb5.ini when using SPENEGO Extension

**emmmcl01** · Mar 10th, 2011, 08:40 PM

I'm following the write up here:

http://blog.springsource.com/2009/09...rity-kerberos/

There's no reference to where one would store a krb5.ini file.

I don't see an object that stands out as a candidate for configuring.

Is there a class I need to configure? Or somehow with SPNEGO isn't a krb5.ini file required?

Thanks.

**pmularien** · Mar 11th, 2011, 05:37 AM

Typically krb5.ini would go in the Windows directory. It is possible to configure some attributes of the Java GSSAPI using Java system properties (-Dxx=yy). This article from Sun/Oracle describes in more detail how the GSSAPI finds the Kerberos configuration for your environment.

**emmmcl01** · Mar 11th, 2011, 12:11 PM

Thanks pmularien.

Um. Putting together a plan that requires storing a krb5.ini file in everyone's Windows folder in a Web application is a show stopper.

Is there a place where one can get SPENEGO specific tips on how to configure the krb5.ini file in one's WEB-INF folder and read it from the classpath? Whatever I do - setting a system property in my web application seems like a kludge.

**pmularien** · Mar 11th, 2011, 07:33 PM

Sorry, just to clarify - the krb5.ini file is only needed on the web application server (the server running Spr Sec)! It's assumed that users already have some method of Kerberos authentication - in a Windows domain, this is typically managed using Active Directory; in a Linux domain, you are typically running in a Kerberized environment, so all the machines would have Kerberos client software anyway.

Hope that helps!

Thread: Where to put krb5.ini when using SPENEGO Extension

Thread Tools

Display

Where to put krb5.ini when using SPENEGO Extension

Posting Permissions