Package oracle.kv

Class KerberosCredentials

java.lang.Object

oracle.kv.KerberosCredentials

All Implemented Interfaces:

Serializable, oracle.kv.impl.util.FastExternalizable, LoginCredentials

public class KerberosCredentials
extends Object
implements LoginCredentials, Serializable

Login credentials for Kerberos authentication.

This class provides a way for an application to authenticate as a particular Kerberos user when accessing a KVStore instance.

There are two approaches that client applications can use to authenticate using Kerberos. Client applications that use the Java Authentication and Authorization Service (JAAS) programming framework can specify credentials by using the Subject.doAs(javax.security.auth.Subject, java.security.PrivilegedAction<T>) method.

Applications that do not use the JAAS framework can use this class to specify a Kerberos identity. The credentials of the specified user will be acquired from the Kerberos Key Distribution Center (KDC) based on the values specified for the KerberosCredentials instance.

Since:

3.5

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
KerberosCredentials(String username, Properties krbProperties)	Creates Kerberos user credentials.

Method Summary

Modifier and Type	Method	Description
Properties	getKrbProperties()	Returns the Kerberos login properties.
String	getUsername()	Identifies the user owning the credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface oracle.kv.impl.util.FastExternalizable

deserializedForm

Constructor Detail

KerberosCredentials

public KerberosCredentials(String username,
                           Properties krbProperties)
                    throws IllegalArgumentException

Creates Kerberos user credentials. The properties passed in are used to retrieve the Kerberos credentials of the specified user from the Kerberos Key Distribution Center (KDC).

If, as recommended, each server host uses a different principal name that includes an individual instance name, the KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY should specify the mappings of server hostnames to Kerberos service principal names. Users may need to provide Kerberos login properties so that underlying authentication system can retrieve credentials from KDC. The properties currently supported:

• KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY
• KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY
• KVSecurityConstants.AUTH_KRB_MUTUAL_PROPERTY

When multiple properties are set, for example, KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY and KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY, the underlying login service will retrieve credentials of this user in following preference order:

1. credentials cache
2. keytab

Without setting credential cache and keytab property, this method will attempt to retrieve ticket or key from default credential cache or keytab.

Parameters:

username - the name of the user

krbProperties - the Kerberos login properties

Throws:

IllegalArgumentException

Method Detail

getUsername

public String getUsername()

Description copied from interface: LoginCredentials

Identifies the user owning the credentials.

Specified by:

getUsername in interface LoginCredentials

Returns:

the name of the user for which the credentials belong.

See Also:

LoginCredentials.getUsername()

getKrbProperties

public Properties getKrbProperties()

Returns the Kerberos login properties. These properties are used to get credentials from the Kerberos Key Distribution Center (KDC).

Returns:

the Kerberos login properties