To enable Kerberos under JBoss 4.x or 5.x, you must set
up a special Engine Kerberos Service Authentication Provider.
About this task
To set up the special Engine Kerberos Service Authentication
Provider:
Procedure
- Copy the Engine-authn.jar to the following
location:
Option |
Description |
Windows |
%JBOSS_HOME%\server\default\lib |
UNIX |
${JBOSS_HOME}/server/default/lib |
This JAR file can be found in the install_path\FileNet\ContentEngine\Kerberos directory.
If Configuration Manager is used, it might have already copied the
jar file to the directory.
- Edit the %JBOSS_HOME%\server\default\config\login-config.xml file
(or ${JBOSS_HOME}/server/default/config/login-config.xml on
UNIX/Linux) by adding the following lines right before the LdapExtLoginModule
or LdapLoginModule line in the FileNet stanza.
Also change the flag of the LdapExtLoginModule / LdapLoginModule line
from required to sufficient if necessary.
<!-- Kerberos login module -->
<login-module code=
"com.filenet.engine.authentication.kerberos.login.KrbServiceLoginModule"
flag="sufficient">
<module-option name =
"debug">true</module-option>
</login-module>
- Edit the login-config.xml file again
and add the following stanza after the last of the other <application-policy>
entries:
<application-policy
name="FileNetP8KerberosService"><authentication><login-module
code="com.filenet.api.authentication.jboss.login.FnClientLoginModule"
flag="required"></login-module></authentication></application-policy>