Configuration files
For command shortcuts editing the configuration files, see the administrative command-line interface.
The following configuration files control the behavior of nevisAuth:
Process environment:
- JAVA_HOME (optional): use the specified JRE/JDK
- JAVA_OPTS: JVM command-line options
- Heap size
- Garbage collector
- JSSE configuration properties
- JNDI configuration properties
- CLASSPATH (optional): JVM classpath. The JVM classpath is considered at server startup. It may be used to provide libraries that are required at server startup, for example security libraries such as Securosys.
Example:
CLASSPATH="/var/opt/nevisauth/<instance>/lib/*:
Server configuration:
- Scaling (concurrency with worker threads)
- Network settings (host, port, protocol, TLS, etc.)
Logging configuration:
- Configuration of log levels for individual components
- Audit channel if the file rotation policy or output file needs to be customized
esauth4.xml
The AuthEngine and AuthStates are configured in the esauth4.xml file. The schema esauth4.dtd is used to validate this configuration. It contains a complete reference to all possible configuration attributes and the values for the built-in defaults.
For more detail see the components and plugins sections.
LitDict.properties, LitDict_de.properties, LitDict_fr.properties, LitDict_it.properties
Contains the built-in language support for the default esauth4.xml configuration. See Language support for details.
esauth4.security
Contains additional Java cryptographic providers to be loaded for HSM support. The following providers are supported:
- Sun Java 1.5 PKCS#11 provider, limited support due to implementation restrictions, for example, keys and certificates with different labels and multiple copies of the same certificate are not supported)
- IBM PKCS#11 provider
We recommend adding additional PKCS#11 providers with low priority to prevent side effects.
pkcs11.cfg
This file is referenced by esauth4.security if the JRE PKCS#11 layer needs to be configured. It contains vendor specific driver settings: the PKCS#11 driver library to load, and special settings how JRE should access the driver.
java-krb5.conf
This configuration file is required by the Kerberos support of Java.
kerberos-credentials.properties
This configuration file is required by the FrontendKerberosAuthState.
The configuration files are located under: /var/opt/nevisauth/<instance>/conf