The Kerberos subsystem supports the following properties:
- The Kerberos realm with which to authenticate. The realm should be the domain name in upper case; for example, if the domain is alfresco.org then the realm should be ALFRESCO.ORG.
- A value of true enables SPNEGO/Kerberos based Single Sign On (SSO) functionality in the web client. If the value is false and no other members of the authentication chain support SSO, password-based login is used.
- If SSO fails, a fallback authentication mechanism is used. The default value is true.
- The name of the entry in the JAAS configuration file that is used for password-based authentication. The default value Alfresco is recommended.
- The name of the entry in the JAAS configuration file that is used for web-based Single-Sign On (SSO). The default value AlfrescoHTTP is recommended.
- A comma separated list of user names that are treated as administrators by default.
- Authentication using a ticket parameter in the request URL. The default value is true. Note that WebDAV URLs always accept ticket parameters.
- A value of true strips the @domain suffix from Kerberos authenticated user names in SPP, WebDAV and the Web Client. A value of false enables a multi-domain customer to use the @domain suffix.
For Kerberos to work with user names that contain non-ASCII characters, add the following option to JAVA_OPTS for the Share JVM: