Book: Login Module Reference Revision: n_1575841_login-module-reference_version_6.4_edition_1.0_release_0-revision_6701191 Section: Kerberos Login Module Issue description: The section is not correct at all. Originally the "Kerberos" login module was really an alias for the Sun's Krb5LoginModule implementation, but now the "Kerberos" alias is used for "org.jboss.security.negotiation.KerberosLoginModule" which is a wrapper for Sun/Oracle and IBM Krb5LoginModule implementations with additional logic to cover credentials delegation. The Kerberos login module is part of JBoss Negotiation server module so there has to be configured module dependency in the deployment which uses this login module. JavaDoc of this wrapped login module says "A Kerberos LoginModule that wraps the JDK supplied module and has the additional capability of adding a GSSCredential to the populated Subject". Suggestions for improvement: Rewrite Kerberos login module section. Provide description for all module options, e.g. "delegationCredential", "addGSSCredential" and "credentialLifetime". Contact PM and/or devs for list of all supported options. Remove description of the other module options (coming from the Sun Krb5LoginModule Implementation) and add only a link to Sun/Oracle and IBM documentation.
Verified in Revision: n_1625523_login-module-reference_version_6.4_edition_1.0_release_0-revision_7256591