Procedure
-
Download Kerberos for Windows release 4.1 and install it from this MIT distribution site.
Note: In the installation wizard, select the Complete option to install all of the program features. Do not select the Typical or the Custom option, in which only a part of the program features are installed.
-
All versions of Java from 1.8.0_161 enable the unlimited strength policy files
by default, see https://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html for more information. If you are using the
previous versions of Java, update the security policies of the JRE to be used using the patch from Oracle's Java download site.
This update is necessary due to import control restrictions of the U.S. For further information, please consult the README.txt file in the downloaded file.
To make this update, you can simply make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar in JAVA_HOME\lib\security) for backup and then replace the original JCE policy files with the corresponding policy files contained in the downloaded jce_policy-6.0.zip file.
Note: Although both JRE and JDK should work well with Kerberos, some tests Talend went through showed that JDK worked smoothly in some situations in which JRE had issues. -
Configure Kerberos on a local machine by setting up the
krb5.ini file.
A sample file can be found in this MIT configuration doc.
The file location can be specified by system property java.security.krb5.conf. If this property is not set, Java will try to locate this file in these locations (ordered by):
-
%JAVA_HOME%/lib/security/krb5.conf
-
%WINDOWS_ROOT%/krb5.ini
Some machines are possibly not allowed to read file from %WINDOWS_ROOT% such as C:\Windows; so it is recommended to put this file in the hidden folder C:\ProgramData\MIT\Kerberos5, too.
Alternatively, the system properties java.security.krb5.realm and java.security.krb5.kdc can be used.
-