Using KeyTab

Refer the following table for details of the configuration file: 

Field Name

Description/Action

KerberosServer

Name of the login module

required principal

Unique identity to which Kerberos can assign tickets. Principals can have an arbitrary number of components. Each component is separated by a component separator, generally `/', e.g., "HTTP/ADSRV014.adeptiaserver.com".

useKeyTab

Set this to true if you want the module to get the principal's key from the keytab

keyTab

File containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password). Mention the path of this file here, e.g., "d:/kerberos/testuser.keytab"

storeKey

If the configuration entry for Kerberos Login Module has the option storeKey set to true, KerberosKey will also be added to the subject's private credentials. KerberosKey, the principal's key will be either obtained from the keytab or derived from user's password

Debug

Enabling this can be helpful to know the root cause of an authentication error

realm 

DNS domain in upper case. For example, "ADEPTIASERVER.COM"

isInitiator

Set this to true, if initiator. Set this to false, if acceptor only.