4.2. Adding the Properties to the System Properties
To make the properties permanent and have an application server start always with the SPNEGO mechanism, define the properties in the
$JBOSS_HOME/server/$PROFILE/deploy/properties-service.xml
descriptor. Make sure the properties are loaded before the first authentication attempt (JBoss does not allow any incoming HTTP connections before the server has started up fully).
Open the descriptor and add the following attribute to the
jboss:type=Service,name=SystemProperties
MBean:
<attribute name="Properties"> java.security.krb5.kdc=kerberos.security.jboss.org java.security.krb5.realm=KERBEROS.JBOSS.ORG </attribute>
4.2.1. Multiple KDCs
If you are using one or more slave KDCs in addition to your master KDC, list the KDCs in a colon-separated list after the java.security.krb5.kdc system property. The system will use the provided alternative KDC if the master KDC is not available.
Example 4.1. Running a server with multiple KDCs
./run.sh -Djava.security.krb5.realm=KERBEROS.JBOSS.ORG:SLAVE_KDC.JBOSS.ORG -Djava.security.krb5.kdc=kerberos.security.jboss.org