You are here

Kerberos configuration properties

To enable full Kerberos support in Alfresco Content Services and the SSO authentication filters, each need a Kerberos service ticket.

The Kerberos subsystem supports the following properties:

The Kerberos realm with which to authenticate. The realm should be the domain name in upper case; for example, if the domain is then the realm should be ALFRESCO.ORG.
A value of true enables SPNEGO/Kerberos based Single Sign On (SSO) functionality in the web client. If the value is false and no other members of the authentication chain support SSO, password-based login is used.
If SSO fails, a fallback authentication mechanism is used. The default value is true.
The name of the entry in the JAAS configuration file that is used for password-based authentication. The default value Alfresco is recommended.
The name of the entry in the JAAS configuration file that is used for web-based Single-Sign On (SSO). The default value AlfrescoHTTP is recommended.
A comma separated list of user names that are treated as administrators by default.
Authentication using a ticket parameter in the request URL. The default value is true. Note that WebDAV URLs always accept ticket parameters.
A value of true strips the @domain suffix from Kerberos authenticated user names in SPP, WebDAV and the Web Client. A value of false enables a multi-domain customer to use the @domain suffix.

For Kerberos to work with user names that contain non-ASCII characters, add the following option to JAVA_OPTS for the Share JVM:

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.