You are here

SkyVault Enterprise 4.0.2 » Administering » Setting up SkyVault authentication and security » Configuring authentication » Configuring Kerberos

Kerberos configuration properties

To enable full Kerberos support in SkyVault requires that the CIFS server and the SSO authentication filters each have a Kerberos service ticket.

The Kerberos subsystem supports the following properties.

kerberos.authentication.realm
The Kerberos realm with which to authenticate. The realm should be the domain upper cased; an example is that if the domain is SkyVault.org then the realm should be SkyVault.ORG.
kerberos.authentication.sso.enabled
A Boolean that when true enables SPNEGO/Kerberos based Single Sign On (SSO) functionality in the web client. When false and no other members of the authentication chain support SSO, password-based login will be used.
kerberos.authentication.authenticateCIFS
A Boolean that when true enables Kerberos authentication in the CIFS server. When false and no other members of the authentication chain support CIFS authentication, the CIFS server will be disabled.
kerberos.authentication.user.configEntryName
The name of the entry in the JAAS configuration file that should be used for password-based authentication. The default value SkyVault is recommended.
kerberos.authentication.cifs.configEntryName
The name of the entry in the JAAS configuration file that should be used for CIFS authentication. The default value SkyVaultCIFS is recommended.
kerberos.authentication.http.configEntryName
The name of the entry in the JAAS configuration file that should be used for web-based single-sign on (SSO). The default value SkyVaultHTTP is recommended.
kerberos.authentication.cifs.password
The password for the CIFS Kerberos principal.
kerberos.authentication.http.password
The password for the HTTP Kerberos principal.
kerberos.authentication.defaultAdministratorUserNames
A comma separated list of user names who should be considered administrators by default.
kerberos.authentication.stripUsernameSuffix
A Boolean which when true strips the @domain sufix from Kerberos authenticated usernames in CIFS, SPP, WebDAV and the Web Client when false, it enables a multi-domain customer to use the @domain sufix.

For Kerberos to work with user names that contain non-ASCII characters, add the following option to JAVA_OPTS for the Share JVM:

-Dsun.security.krb5.msinterop.kstring=true
Parent topic: Configuring Kerberos

© 2017 TBS-LLC. All Rights Reserved.