The Kerberos network authentication protocol is defined in
RFC 4120. The Java
platform contains support for the client side of Kerberos via the
org.ietf.jgss package. There might also be
a login module that implements
LoginModule to authenticate
You can provide the name of your default realm and Key Distribution
Center (KDC) host for that realm using the system properties
java.security.krb5.kdc. Both properties must be set.
java.security.krb5.conf system property
can be set to the location of an MIT style
file. If none of these system properties are set, the
file is searched for in an implementation-specific manner. Typically,
an implementation will first look for a
krb5.conf file in
<java-home>/conf/security and failing that, in an OS-specific
krb5.conf file is formatted in the Windows INI file style,
which contains a series of relations grouped into different sections.
Each relation contains a key and a value, the value can be an arbitrary
string or a boolean value. A boolean value can be one of "true", "false",
"yes", or "no", and values are case-insensitive.
Class Summary Class Description DelegationPermissionThis class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets. EncryptionKeyThis class encapsulates an EncryptionKey used in Kerberos. KerberosCredMessageThis class encapsulates a Kerberos 5 KRB_CRED message which can be used to send Kerberos credentials from one principal to another. KerberosKeyThis class encapsulates a long term secret key for a Kerberos principal. KerberosPrincipalThis class encapsulates a Kerberos principal. KerberosTicketThis class encapsulates a Kerberos ticket and associated information as viewed from the client's point of view. KeyTabThis class encapsulates a keytab file. ServicePermissionThis class is used to protect Kerberos services and the credentials necessary to access those services.