{"id":666,"date":"2016-01-05T17:28:31","date_gmt":"2016-01-05T23:28:31","guid":{"rendered":"http:\/\/www.thedarktimes.us\/wordpress\/?p=666"},"modified":"2016-01-05T17:28:31","modified_gmt":"2016-01-05T23:28:31","slug":"httpsblogs-oracle-comblogbypuneethentryconfigure_kerberos_with_weblogic_server","status":"publish","type":"post","link":"https:\/\/www.thedarktimes.us\/wordpress\/uncategorized\/httpsblogs-oracle-comblogbypuneethentryconfigure_kerberos_with_weblogic_server\/%20","title":{"rendered":"https:\/\/blogs.oracle.com\/blogbypuneeth\/entry\/configure_kerberos_with_weblogic_server"},"content":{"rendered":"<p>https:\/\/blogs.oracle.com\/blogbypuneeth\/entry\/configure_kerberos_with_weblogic_server<\/p>\n<h3 class=\"entry-title\">Steps to configure Kerberos \/ SPNEGO \/ NTLM authentication with Weblogic Server running on Oracle JDK :<\/h3>\n<h4 class=\"entry-meta\">By Puneeth-Oracle on <a href=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/entry\/configure_kerberos_with_weblogic_server#\">Jul 20, 2013<\/a><\/h4>\n<div class=\"entry-body\">\n<p>* The AD machine used in this configuration is : \u00a0SLKRBTRN6-01.slkrbtrn6.bea.com ( Windows 2008 R2 )<\/p>\n<p>* Weblogic Server is on machine : SLKRBTRN6-03. ( Windows XP )<\/p>\n<p>&#8212;&#8212;-<\/p>\n<p><span style=\"font-size: large;\"><strong>Step 1 :<\/strong><\/span><\/p>\n<p>&#8211; Create a new user say, &#8221; wlsclient &#8221; on AD for your Weblogic server instance.<\/p>\n<p><a title=\"create user\" href=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/resource\/create_user1.jpg\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/resource\/create_user1.jpg%20\" alt=\"\" width=\"436\" height=\"250\" align=\"middle\" \/><\/a><\/p>\n<p><strong>Note :<\/strong><\/p>\n<p>&#8211;\u00a0The account type should be &#8220;User&#8221;, not a &#8220;Computer&#8221; in the AD.<\/p>\n<p>&#8211; Check password never expires option for the user.<\/p>\n<p>&#8211; DES encryption type is disabled by default on Windows 2008 AD and hence donot check this option for the user.<\/p>\n<p>&#8211; If your AD is on Windows 2003, enable DES encyption type for your user &#8211;&gt; after enabling this option make sure you reset the password for this user.<\/p>\n<p>&#8211; If you want to use AES encryption type make sure you check &#8221;\u00a0<strong>This account supports AES 128 bit encryption &#8220;\/ &#8220;<\/strong><b>This account supports AES 256 bit encryption &#8220;<\/b> in the username &#8211;&gt; properties &#8211;&gt; Account Options field.<\/p>\n<p>&#8211; If you want to use \u00a0AES256-SHA1 cipher strength then,<\/p>\n<p>You need to download and install this bundle which provides &#8220;unlimited strength&#8221; policy files which contain no restrictions on cryptographic strengths.<\/p>\n<p>* For Oracle JDK 6: Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 from<\/p>\n<p>Link : http:\/\/www.oracle.com\/technetwork\/java\/javase\/downloads\/jce-6-download-429243.html.<\/p>\n<p>* For Oracle JDK 7: Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 from<\/p>\n<p>Link : http:\/\/www.oracle.com\/technetwork\/java\/javase\/downloads\/jce-7-download-432124.html .<\/p>\n<p>Overwrite 2 jar files under \u201c&lt;JAVA_HOME&gt;\/jre\/lib\/security\u201d directory with 2 jar files inside downloaded zip file.<\/p>\n<p><strong>Step 2 :<\/strong><\/p>\n<p>Create a krb5.ini file.<\/p>\n<p><strong>Syntax :<\/strong><\/p>\n<p>*****<\/p>\n<div><span style=\"color: #098708;\">[libdefaults]<br \/>\n<\/span><span style=\"color: #098708;\">default_realm = &lt;Identifies the default realm. Set its value to your Kerberos realm &#8211; all caps&gt;<br \/>\n<\/span><span style=\"color: #098708;\">default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5<br \/>\n<\/span><span style=\"color: #098708;\">default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5<br \/>\n<\/span><span style=\"color: #098708;\">permitted_enctypes = \u00a0aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5<br \/>\n<\/span><span style=\"color: #098708;\">ticket_lifetime = 600<br \/>\n<\/span><span style=\"color: #098708;\">kdc_timesync = 1<br \/>\n<\/span><span style=\"color: #098708;\">ccache_type = 4<br \/>\n<\/span>[realms]<br \/>\n&lt;Your Kerberos realm \u2013 remember all caps&gt; = {<br \/>\n<span style=\"color: #098708;\">kdc = &lt;IP address of the KDC\/AD server&gt;<br \/>\n<\/span><span style=\"color: #098708;\">(For Unix systems, you need to specify port 88, as in &lt;IP-address&gt;:88)<br \/>\n<\/span><span style=\"color: #098708;\">admin_server = &lt;FQDN &#8211; host name of the KDC\/AD server&gt;<br \/>\n<\/span><span style=\"color: #098708;\">default_domain = &lt;Windows domain name in caps&gt;<br \/>\n<\/span><span style=\"color: #098708;\">}<br \/>\n<\/span>[domain_realm]<br \/>\n<span style=\"color: #098708;\">.&lt;DNS domain name suffix, starting with .&gt; = &lt;Your Kerberos realm \u2013 remember all caps&gt;<br \/>\n<\/span><span style=\"color: #098708;\">&lt;DNS domain name suffix.&gt; = &lt;Your Kerberos realm \u2013 remember all caps&gt;<br \/>\n<\/span>[appdefaults]<br \/>\n<span style=\"color: #098708;\">autologin = true<br \/>\n<\/span><span style=\"color: #098708;\">forward = true<br \/>\n<\/span><span style=\"color: #098708;\">forwardable = true<br \/>\n<\/span><span style=\"color: #098708;\">encrypt = true<\/span><\/div>\n<p>*****<\/p>\n<p><a title=\"krb5.ini\" href=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/resource\/create_krb5.jpg\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/resource\/create_krb5.jpg\" alt=\"\" width=\"436\" height=\"250\" align=\"middle\" \/><\/a><\/p>\n<p><strong>Note :<\/strong><\/p>\n<p>* This file has to be created on the machine where Weblogic Server is installed.<\/p>\n<p>* If you have Weblogic Server installed on a Windows machines, create a file named krb5.ini \u00a0\/ On Unix machines, the file is called krb5.conf instead of krb5.ini.<\/p>\n<p>* See the following default Kerberos configuration files and their locations:<\/p>\n<p>[Windows] The default location is c:\\winnt\\krb5.ini.<\/p>\n<p>Note: if the krb5.ini file is not located in the c:\\winnt directory it might be located in c:\\windows.<\/p>\n<p>[Linux] The default location is \/etc\/krb5.conf.<\/p>\n<p>[AIX] [HP-UX] [Solaris] On other Unix platforms, the default location is \/etc\/krb5\/krb5.conf.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/blogs.oracle.com\/blogbypuneeth\/entry\/configure_kerberos_with_weblogic_server Steps to configure Kerberos \/ SPNEGO \/ NTLM authentication with Weblogic Server running on Oracle JDK : By Puneeth-Oracle on Jul 20, 2013 * The AD machine used in this configuration is : \u00a0SLKRBTRN6-01.slkrbtrn6.bea.com ( Windows 2008 R2 ) * Weblogic Server is on machine : SLKRBTRN6-03. ( Windows XP ) &#8212;&#8212;- Step 1 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-666","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/posts\/666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/comments?post=666"}],"version-history":[{"count":1,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/posts\/666\/revisions"}],"predecessor-version":[{"id":667,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/posts\/666\/revisions\/667"}],"wp:attachment":[{"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/media?parent=666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/categories?post=666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thedarktimes.us\/wordpress\/wp-json\/wp\/v2\/tags?post=666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}