com.datastax.driver.core.sasl
Class KerberosAuthenticator
java.lang.Object
com.datastax.driver.core.sasl.KerberosAuthenticator
- All Implemented Interfaces:
- Authenticator
public class KerberosAuthenticator
- extends Object
- implements Authenticator
Responsible for authenticating with secured DSE services using Kerberos
over GSSAPI & SASL. The actual SASL negotiation is delegated to a
PrivilegedSaslClient which performs the privileged actions on behalf
of the logged-in user.
The SASL protocol name defaults to "dse"; should you need to change that
it can be overridden using the dse.sasl.protocol system property.
Keytab and ticket cache settings are specified using a standard JAAS
configuration file. The location of the file can be set using the
java.security.auth.login.config system property or by adding a
login.config.url.n entry in the java.security properties
file.
See http://docs.oracle.com/javase/1.4.2/docs/guide/security/jaas/tutorials/LoginConfigFile.html
for further details on the Login configuration file and
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html
for more on JAAS in general.
Authentication using ticket cache
Run kinit to obtain a ticket and populate the cache before
connecting. JAAS config:
    DseClient {
        com.sun.security.auth.module.Krb5LoginModule required
            useTicketCache=true
            renewTGT=true;
    };
Authentication using a keytab file
To enable authentication using a keytab file, specify its location on disk.
If your keytab contains more than one principal key, you should also specify
which one to select.
    DseClient {
        com.sun.security.auth.module.Krb5LoginModule required
            useKeyTab=true
            keyTab="/path/to/file.keytab"
            principal="user@MYDOMAIN.COM";
    };
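A pre-flight check for the two configurations above, as an added example that is not part of the driver or its documentation: it loads the active JAAS configuration, looks up the DseClient entry used in the examples, and flags a keytab that is unreadable, accessible to other accounts, or used without a principal. The class name JaasPreflight and the warning texts are this example's own, and it assumes keyTab is a plain file path.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added example (hypothetical class name): checks the JAAS entry before connecting.
public class JaasPreflight {
    static final String ENTRY = "DseClient"; // entry name used in the examples above

    static List<String> check(Configuration cfg) throws IOException {
        List<String> problems = new ArrayList<>();
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(ENTRY);
        if (entries == null) problems.add("no '" + ENTRY + "' entry in the JAAS configuration");
        for (AppConfigurationEntry e : entries == null ? new AppConfigurationEntry[0] : entries) {
            if (!e.getLoginModuleName().endsWith("Krb5LoginModule")) continue;
            Map<String, ?> o = e.getOptions();
            boolean keyTabMode = "true".equalsIgnoreCase(String.valueOf(o.get("useKeyTab")));
            boolean cacheMode = "true".equalsIgnoreCase(String.valueOf(o.get("useTicketCache")));
            if (!keyTabMode && !cacheMode) problems.add("neither useKeyTab nor useTicketCache is true");
            if (!keyTabMode) continue;
            if (o.get("principal") == null)
                problems.add("useKeyTab without principal: ambiguous if the keytab holds several");
            if (o.get("keyTab") == null) continue; // module falls back to its default keytab location
            Path p = Paths.get(o.get("keyTab").toString()); // assumes a plain file path
            if (!Files.isReadable(p)) { problems.add("keytab not readable: " + p); continue; }
            if (Files.getFileStore(p).supportsFileAttributeView("posix")) {
                // A keytab holds long-term keys: anyone who can read it can log in as the principal.
                EnumSet<PosixFilePermission> wide = EnumSet.range(
                        PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE);
                wide.retainAll(Files.getPosixFilePermissions(p));
                if (!wide.isEmpty()) problems.add("keytab open to group/others " + wide + ": " + p);
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        try {
            List<String> problems = check(Configuration.getConfiguration());
            problems.forEach(s -> System.err.println("WARN: " + s));
            System.exit(problems.isEmpty() ? 0 : 1);
        } catch (SecurityException ex) { // raised when no login configuration can be loaded
            System.err.println("JAAS configuration not loaded: " + ex.getMessage());
            System.exit(2);
        }
    }
}
```

Run it with the same java.security.auth.login.config value the client application uses, so that it inspects the configuration the driver will actually see.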
Method Summary
byte[] evaluateChallenge(byte[] challenge)
- Evaluate a challenge received from the Server.
byte[] initialResponse()
- Obtain an initial response token for initializing the SASL handshake.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
JAAS_CONFIG_ENTRY
public static final String JAAS_CONFIG_ENTRY
- See Also:
- Constant Field Values
SUPPORTED_MECHANISMS
public static final String[] SUPPORTED_MECHANISMS
SASL_PROTOCOL_NAME
public static final String SASL_PROTOCOL_NAME
- See Also:
- Constant Field Values
SASL_PROTOCOL_NAME_PROPERTY
public static final String SASL_PROTOCOL_NAME_PROPERTY
- See Also:
- Constant Field Values
KerberosAuthenticator
public KerberosAuthenticator(InetAddress host)
initialResponse
public byte[] initialResponse()
- Description copied from interface:
Authenticator
- Obtain an initial response token for initializing the SASL handshake
- Specified by:
initialResponse in interface Authenticator
- Returns:
- the initial response to send to the server, may be null
evaluateChallenge
public byte[] evaluateChallenge(byte[] challenge)
- Description copied from interface:
Authenticator
- Evaluate a challenge received from the Server. Generally, this method
should return null when authentication is complete from the client's
perspective.
- Specified by:
evaluateChallenge in interface Authenticator
- Parameters:
challenge - the server's SASL challenge
- Returns:
- updated SASL token, may be null to indicate the client
requires no further action
Copyright © 2013. All Rights Reserved.