Creating a JAAS configuration file

Certain applications, such as those using the SolrJ library, require a Java Authentication and Authorization Service (JAAS) configuration file.

  • If you are authenticating using kinit to obtain credentials, you can configure the client to use your credentials cache by creating a JAAS file with the following contents:
    Client {
     com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=false
     useTicketCache=true
     principal="[***USER***]@[***REALM***]";
     };
  • If you want the client application to authenticate using a keytab, create a JAAS file with the following contents:
    Client {
     com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
     keyTab="[***PATH/TO/USER.KEYTAB***]"
     storeKey=true
     useTicketCache=false
     principal="[***USER***]/[***HOST NAME***]@[***REALM***]";
    };
[***USER***]
is a valid user name in your environment
/[***HOST NAME***]
If you use a service principal that includes the host name, make sure that it is included in the jaas.conf file (for example, solr/solr01.example.com@EXAMPLE.COM).
[***REALM***]
is your Kerberos realm
[***PATH/TO/USER.KEYTAB***]
is the path to the keytab file you want to use