From 47f736f819f3cef515bdc507b46845ee09beeccc Mon Sep 17 00:00:00 2001 From: Daniel Kobras Date: Thu, 1 Apr 2021 18:59:35 +0200 Subject: [PATCH] KEYCLOAK-17646 tool tip for krb5 multi-SPN config The specified server principal is eventually passed to createJaasConfigurationForServer() in com.sun.security.auth.module.Krb5LoginModule, which accepts a special value of '*' to indicate that tickets for all service principals contained in the given keytab file should be accepted. This is the only way to allow more than one service principal name (eg. for a multi-homes setup), and this setting is not obvious without knowledge of the underlying API. Signed-off-by: Daniel Kobras --- .../theme/base/admin/messages/admin-messages_en.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties index f3995a74cf5..0c059563b75 100644 --- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties +++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties @@ -1157,7 +1157,7 @@ unlink-users=Unlink users kerberos-realm=Kerberos Realm kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG server-principal=Server Principal -server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG +server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example 'HTTP/host.foo.org@FOO.ORG'. Use '*' to accept any service principal in the KeyTab file. keytab=KeyTab keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab debug=Debug