Creating a JAAS configuration file
Certain applications, such as those using the SolrJ library, require a Java Authentication and Authorization Service (JAAS) configuration file.
- If you are authenticating using
kinit
to obtain credentials, you can configure the client to use your credentials cache by creating a JAAS file with the following contents:Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=false useTicketCache=true principal="[***USER***]@[***REALM***]"; };
- If you want the client application to authenticate using a keytab, create a
JAAS file with the following contents:
Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="[***PATH/TO/USER.KEYTAB***]" storeKey=true useTicketCache=false principal="[***USER***]/[***HOST NAME***]@[***REALM***]"; };
- [***USER***]
- is a valid user name in your environment
- /[***HOST NAME***]
- If you use a service principal that includes the host name, make sure that
it is included in the
jaas.conf
file (for example,solr/solr01.example.com@EXAMPLE.COM
). - [***REALM***]
- is your Kerberos realm
- [***PATH/TO/USER.KEYTAB***]
- is the path to the keytab file you want to use