The Java Authentication and Authorization Service (JAAS) is a pluggable authentication service, which is implemented by a login module. A particular instance of a JAAS service is known as a JAAS realm and is identified by a realm name.
Applications integrated with JAAS must be configured to use a specific realm, by specifying the realm name.
The default realm in Fuse ESB Enterprise is identified by the karaf realm name. The
standard administration services in Fuse ESB Enterprise (SSH remote console, JMX port, and so on) are
all configured to use the karaf realm by default.
Fuse ESB Enterprise provides the following alternative JAAS realm implementations:
In a standalone container, the karaf realm installs two JAAS login
modules, which are used in parallel:
PropertiesLoginModuleAuthenticates username/password credentials and stores the secure user data in the
InstallDir/etc/users.propertiesPublickeyLoginModuleAuthenticates SSH key-based credentials (consisting of a username and a public/private key pair). Secure user data is stored in the
InstallDir/etc/keys.properties
In a fabric, a karaf realm based on the ZookeeperLoginModule
login module is automatically installed in every container (the fabric-jaas
feature is included in the default profile) and is responsible for securing the SSH remote
console and other administrative services. The Zookeeper login module stores the secure user
data in the Fabric Registry.
![[Note]](imagesdb/note.gif) | Note |
|---|---|
In containers where the standalone JAAS realm and the Fabric JAAS realm are both
installed, the Fabric JAAS realm takes precedence, because it defines a |
It is also possible to configure a container to use an LDAP login module with JAAS. For details of how to set this up, see LDAP Authentication Tutorial in Security Guide.
 |  |  |
 |
