
User Authentication

By default, the gateway servers are configured so that no user authentication takes place. The gateway is supplied with JAAS (Java Authentication and Authorization Service) user authentication, which needs to be configured to work with an authentication module. You can use the Kerberos Key Distribution Centre (KDC) used by Windows and many Unix platforms, or you can define your own authentication module.

To use JAAS with Kerberos Authentication:

  1. Set the User Authenticator configuration property to JAAS.

  2. Start the gateway with the following system properties:

    java.security.auth.login.config
     Set this to the path to the kerberos.login.config file supplied in the jar file.

    java.security.krb5.realm
     Set this to the realm of your Kerberos instance. It is generally upper case and of the form MYDOMAIN.COM.

    java.security.krb5.kdc
     Set this to the name of the server on your network running the KDC.

As an alternative to setting the java.security.krb5.realm and java.security.krb5.kdc system properties, the Kerberos LoginModule can be configured using a configuration file. To do this, set the system property java.security.krb5.conf to point to a valid Kerberos configuration file. A sample Kerberos configuration file called default_krb5.ini is supplied in the nothgate-java-bus.jar.

Adding the debug=true option to the JAAS configuration will cause the Kerberos authentication to send debug information to stdout.

Using JAAS with other authentication modules:

To use other authentication modules, you must supply a Java LoginModule. Identify it to JAAS by changing the JAAS configuration file kerberos.login.config. As shown below, this file contains a bus element that identifies the LoginModule.

bus{
com.sun.security.auth.module.Krb5LoginModule required;
};
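
A LoginModule of the kind this section calls for, as an added example that is not PROIV code. The class name ExampleLoginModule, the users option, the users file format and the PBKDF2 iteration count are assumptions for illustration, and it assumes the gateway's callback handler answers NameCallback and PasswordCallback.

```java
// Added example, not PROIV code: a LoginModule that checks PBKDF2 password hashes.
// Class name, "users" option, file format and iteration count are assumptions.
import java.io.FileInputStream;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal;

public class ExampleLoginModule implements LoginModule {
    private Subject subject; private CallbackHandler handler;
    private String usersFile; private UserPrincipal user; // user is set only by a successful login()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; usersFile = (String) opts.get("users");
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        char[] pw = null;
        try {
            handler.handle(new Callback[] { nc, pc });
            pw = pc.getPassword();
            Properties users = new Properties(); // one line per user: name=base64(salt):base64(hash)
            try (FileInputStream in = new FileInputStream(usersFile)) { users.load(in); }
            String rec = nc.getName() == null ? null : users.getProperty(nc.getName());
            if (rec != null && pw != null) {
                String[] p = rec.split(":");
                byte[] want = Base64.getDecoder().decode(p[1]);
                byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                    new PBEKeySpec(pw, Base64.getDecoder().decode(p[0]), 210_000, want.length * 8)).getEncoded();
                if (MessageDigest.isEqual(want, got)) { user = new UserPrincipal(nc.getName()); return true; }
            }
        } catch (Exception e) { // callback, file or record-format failure: report without credential detail
            throw new LoginException("login error: " + e.getClass().getSimpleName());
        } finally { // wipe both copies of the password
            pc.clearPassword(); if (pw != null) Arrays.fill(pw, '\0');
        }
        throw new FailedLoginException("authentication failed"); // same message for bad user or bad password
    }

    // commit() publishes the principal only after the overall JAAS login has succeeded.
    public boolean commit() { if (user == null) return false; subject.getPrincipals().add(user); return true; }
    public boolean abort() { boolean ok = user != null; logout(); return ok; }
    public boolean logout() { if (user != null) subject.getPrincipals().remove(user); user = null; return true; }
}
```

To use it, put the compiled class on the gateway's classpath and replace the Krb5LoginModule line in the bus element with: ExampleLoginModule required users="<path to users file>";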

 

 


Topic ID: 250010