Kerberos
This section provides a complete list of the Kerberos properties you can configure in the connection string for this provider.
|
Property |
Description |
|
KerberosKDC |
The Kerberos Key Distribution Center (KDC) service used to authenticate the user. |
|
KerberosRealm |
The Kerberos Realm used to authenticate the user with. |
|
KerberosSPN |
The Service Principal Name for the Kerberos Domain Controller. |
|
UsePlatformKerberosAPI |
This setting determines if the platform's Kerberos API is used. |
KerberosKDC
The Kerberos Key Distribution Center (KDC) service used to authenticate the user.
Data Type
string
Default Value
""
Remarks
The Kerberos properties are used when using Windows Authentication. The provider will request session tickets and temporary session keys from the Kerberos Key Distribution Center (KDC) service. The Kerberos Key Distribution Center (KDC) service is conventionally colocated with the domain controller. If Kerberos KDC is not specified the provider will attempt to detect these properties automatically from the following locations:
| • | Java System Properties: Kerberos settings can be configured in Java using the config file krb5.conf, or using the system properties java.security.krb5.realm and java.security.krb5.kdc. The provider will use the system settings if KerberosRealm and KerberosKDC are not explicitly set. |
| • | Domain Name and Host: The provider will infer the Kerberos Realm and Kerberos KDC from the configured domain name and host as a last resort. |
Note: Windows authentication is supported in JRE 1.6 and above only.
KerberosRealm
The Kerberos Realm used to authenticate the user with.
Data Type
string
Default Value
""
Remarks
The Kerberos properties are used when using SPNEGO or Windows Authentication. The Kerberos Realm is used to authenticate the user with the Kerberos Key Distribution Service (KDC). The Kerberos Realm can be configured by an administrator to be any string, but conventionally it is based on the domain name. If Kerberos Realm is not specified the provider will attempt to detect these properties automatically from the following locations:
| • | Java System Properties: Kerberos settings can be configured in Java using a config file (krb5.conf) or using the system properties java.security.krb5.realm and java.security.krb5.kdc. The provider will use the system settings if KerberosRealm and KerberosKDC are not explicitly set. |
| • | Domain Name and Host: The provider will infer the Kerberos Realm and Kerberos KDC from the user-configured domain name and host as a last resort. This might work in some Windows environments. |
Note: Kerberos-based authentication is supported in JRE 1.6 and above only.
KerberosSPN
The Service Principal Name for the Kerberos Domain Controller.
Data Type
string
Default Value
""
Remarks
If the Service Principal Name on the Kerberos Domain Controller is not the same as the URL that you are authenticating to, set the Service Principal Name here.
UsePlatformKerberosAPI
This setting determines if the platform's Kerberos API is used.
Data Type
bool
Default Value
false
Remarks
This setting determines if the platform's Kerberos API is used. By default no platform APIs are relied on to perform Kerberos authentication. Use of the platform API may be enabled by setting this to True. The default value is False.
Note: This functionality is only available on Windows.