Questo contenuto non è disponibile nella lingua selezionata.
2.2. Defining Server Security Domain
				The application server must define a security domain to be able to authenticate to the KDC for the first time.
			
Important
					Krb5LoginModule can use a local credentials cache; however, this option is incompatible with the storeKey option, which is required by SPNEGO. Make sure the module does not use the local credentials cache.
				
				To define a server security domain, do the following:
			
- Open the$JBOSS_HOME/server/$PROFILE/conf/login-config.xmlfile for editing.
- Define the application policy element with the authentication element with the following options:- storeKey
- Iftruethe private key is cached in the Subject (set totrue).
- useKeyTab
- Iftruethe key is loaded from a keyTab file (set totrue).
- principal
- The attribute needs to state the full name of the principal to obtain from the keyTab file.
- keyTab
- The attribute defines the full path to the keyTab file with the server key (key for encrypting the information between the server and KDC).
- doNotPrompt
- Iftruepassword prompting is turned off (as this is a server, set totrue).
- debug
- Iftruethe system logs additional debug information to STDOUT.
 
Example 2.1. Server security domain