The beans defined in authn/krb5-authn-config.xml follow. These are defaults that can be overridden per-validator in whole or in part. Bean ID | Type | Default | Description |
---|
shibboleth.authn.Krb5.RefreshConfig | Boolean | False | Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt | shibboleth.authn.Krb5.PreserveTicket | Boolean | False | Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set | shibboleth.authn.Krb5.ServicePrincipal
| String |
| Name of a service principal to use to verify the KDC supplying the TGT, by requesting and verifying a service ticket issued for it | shibboleth.authn.Krb5.Keytab
| Path |
| Path to a keytab file containing keys belonging to the service principal defined above |
Localtab live |
---|
active | true |
---|
title | Properties (V4.1+) |
---|
|
The following properties are usable in authn/authn.properties to control Kerberos use. These are defaults that can be overridden per-validator in whole or in part. Name | Default | Description |
---|
idp.authn.Krb5.refreshConfig | false | Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt | idp.authn.Krb5.preserveTicket | false | Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set | idp.authn.Krb5.servicePrincipal
|
| Name of a service principal to use to verify the KDC supplying the TGT, by requesting and verifying a service ticket issued for it | idp.authn.Krb5.keytab
|
| Path to a keytab file containing keys belonging to the service principal defined above |
|