KEYCLOAK-17646 tool tip for krb5 multi-SPN config

The specified server principal is eventually passed to createJaasConfigurationForServer() in com.sun.security.auth.module.Krb5LoginModule, which accepts a special value of '*' to indicate that tickets for all service principals contained in the given keytab file should be accepted. This is the only way to allow more than one service principal name (eg. for a multi-homes setup), and this setting is not obvious without knowledge of the underlying API. Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2021-04-01 18:59:35 +02:00 · 2021-04-01 18:59:35 +02:00 · 47f736f819
commit 47f736f819
parent f1face6973
1 changed files with 1 additions and 1 deletions
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@ -1157,7 +1157,7 @@ unlink-users=Unlink users
 kerberos-realm=Kerberos Realm
 kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
 server-principal=Server Principal
-server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
+server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example 'HTTP/host.foo.org@FOO.ORG'. Use '*' to accept any service principal in the KeyTab file.
 keytab=KeyTab
 keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
 debug=Debug