Chapter 4. Passing Authentication Properties to the Server
After you have set up JBoss Negotiation, you need to make sure to pass the Kerberos realm properties to JBoss Application Server:
- java.security.krb5.realm
- the Kerberos realm the server authenticates against
- java.security.krb5.kdc
- KDC hostname
Note
Skip this step if you are running your JBoss installation on a host which is already configured to authenticate against a KDC.
For further information about the properties, refer to Java Generic Security Services (Java GSS) and Kerberos.
You can pass the properties to the server either from the command line or add them to the server properties.
4.1. Passing the Properties from the Command Line
To send the properties to the server from the command line, substitute KERBEROS.JBOSS.ORG with your realm and issue the
run
command with the respective Java properties:
- On Red Hat Enterprise Linux, run the following command:
./run.sh -Djava.security.krb5.realm=KERBEROS.JBOSS.ORG -Djava.security.krb5.kdc=kerberos.security.jboss.org
- On Windows, run the following command:
run.bat Djava.security.krb5.realm=KERBEROS.JBOSS.ORG -Djava.security.krb5.kdc=kerberos.security.jboss.org
These properties are valid only until the server shutdown and you need to pass them to the server on every start.