/usr/share/augeas/lenses/dist/tests/test_jaas.aug is in augeas-lenses 1.4.0-0ubuntu1.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 | (* Module Jaas *)
(* Author: Simon Vocella <voxsim@gmail.com> *)
module Test_jaas =
let conf = "
/*
This is the JAAS configuration file used by the Shibboleth IdP.
A JAAS configuration file is a grouping of LoginModules defined in the following manner:
<LoginModuleClass> <Flag> <ModuleOptions>;
LoginModuleClass - fully qualified class name of the LoginModule class
Flag - indicates whether the requirement level for the modules;
allowed values: required, requisite, sufficient, optional
ModuleOptions - a space delimited list of name=\"value\" options
For complete documentation on the format of this file see:
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
For LoginModules available within the Sun JVM see:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/LoginConfigFile.html
Warning: Do NOT use Sun's JNDI LoginModule to authentication against an LDAP directory,
Use the LdapLoginModule that ships with Shibboleth and is demonstrated below.
Note, the application identifier MUST be ShibUserPassAuth
*/
ShibUserPassAuth {
// Example LDAP authentication
// See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
/*
edu.vt.middleware.ldap.jaas.LdapLoginModule required
ldapUrl=\"ldap://ldap.example.org\"
baseDn=\"ou=people,dc=example,dc=org\"
ssl=\"true\"
userFilter=\"uid={0}\";
*/
// Example Kerberos authentication, requires Sun's JVM
// See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
/*
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=\"true\"
keyTab=\"/path/to/idp/keytab/file\";
*/
edu.vt.middleware.ldap.jaas.LdapLoginModule required
host = \"ldap://127.0.0.1:389\"
base = \"dc=example,dc=com\"
serviceUser = \"cn=admin,dc=example,dc=com\"
serviceCredential = \"ldappassword\"
ssl = \"false\"
userField = \"uid\"
// Example comment within definition
subtreeSearch = \"true\";
};
NetAccountAuth {
// Test of optionless flag
nz.ac.auckland.jaas.Krb5LoginModule required;
};
com.sun.security.jgss.krb5.initiate {
// Test of omitted linebreaks and naked boolean
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};"
test Jaas.lns get conf =
{ }
{ "#mcomment"
{ "1" = "This is the JAAS configuration file used by the Shibboleth IdP." }
{ "2" = "A JAAS configuration file is a grouping of LoginModules defined in the following manner:" }
{ "3" = "<LoginModuleClass> <Flag> <ModuleOptions>;" }
{ "4" = "LoginModuleClass - fully qualified class name of the LoginModule class" }
{ "5" = "Flag - indicates whether the requirement level for the modules;" }
{ "6" = "allowed values: required, requisite, sufficient, optional" }
{ "7" = "ModuleOptions - a space delimited list of name=\"value\" options" }
{ "8" = "For complete documentation on the format of this file see:" }
{ "9" = "http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html" }
{ "10" = "For LoginModules available within the Sun JVM see:" }
{ "11" = "http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/LoginConfigFile.html" }
{ "12" = "Warning: Do NOT use Sun's JNDI LoginModule to authentication against an LDAP directory," }
{ "13" = "Use the LdapLoginModule that ships with Shibboleth and is demonstrated below." }
{ "14" = "Note, the application identifier MUST be ShibUserPassAuth" }
}
{ }
{ }
{ "login" = "ShibUserPassAuth"
{ }
{ "#comment" = "Example LDAP authentication" }
{ "#comment" = "See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass" }
{ "#mcomment"
{ "1" = "edu.vt.middleware.ldap.jaas.LdapLoginModule required" }
{ "2" = "ldapUrl=\"ldap://ldap.example.org\"" }
{ "3" = "baseDn=\"ou=people,dc=example,dc=org\"" }
{ "4" = "ssl=\"true\"" }
{ "5" = "userFilter=\"uid={0}\";" }
}
{ }
{ "#comment" = "Example Kerberos authentication, requires Sun's JVM" }
{ "#comment" = "See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass" }
{ "#mcomment"
{ "1" = "com.sun.security.auth.module.Krb5LoginModule required" }
{ "2" = "useKeyTab=\"true\"" }
{ "3" = "keyTab=\"/path/to/idp/keytab/file\";" }
}
{ }
{ "loginModuleClass" = "edu.vt.middleware.ldap.jaas.LdapLoginModule"
{ "flag" = "required"
{ "host" = "\"ldap://127.0.0.1:389\"" }
{ "base" = "\"dc=example,dc=com\"" }
{ "serviceUser" = "\"cn=admin,dc=example,dc=com\"" }
{ "serviceCredential" = "\"ldappassword\"" }
{ "ssl" = "\"false\"" }
{ "userField" = "\"uid\"" }
{ "#comment" = "Example comment within definition" }
{ "subtreeSearch" = "\"true\"" }
}
}
{ }
}
{ }
{ }
{ "login" = "NetAccountAuth"
{ "#comment" = "Test of optionless flag" }
{ "loginModuleClass" = "nz.ac.auckland.jaas.Krb5LoginModule"
{ "flag" = "required" }
}
{ }
}
{ }
{ }
{ "login" = "com.sun.security.jgss.krb5.initiate"
{ "#comment" = "Test of omitted linebreaks and naked boolean" }
{ "loginModuleClass" = "com.sun.security.auth.module.Krb5LoginModule"
{ "flag" = "required"
{ "useTicketCache" = "true" }
}
}
{ }
}
|