Add documentation

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2616 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/resources/conf/login.config b/resources/conf/login.config
index 021317b..5926c2d 100644 (file)
--- a/resources/conf/login.config
+++ b/resources/conf/login.config
@@ -1,8 +1,44 @@
+/*
+  This is the JAAS configuration file used by the Shibboleth IdP.
+  
+  A JAAS configuration file is a grouping of LoginModules defined in the following manner:
+  <LoginModuleClass> <Flag> <ModuleOptions>;
+  
+  LoginModuleClass - fully qualified class name of the LoginModule class
+  Flag             - indicates whether the requirement level for the modules; 
+                         allowed values: required, requisite, sufficient, optional
+  ModuleOptions    - a space delimited list of name="value" options
+  
+  For complete documentation on the format of this file see:
+  http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
+  
+  For LoginModules available within the Sun JVM see:
+  http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/LoginConfigFile.html
+  
+  Warning: Do NOT use Sun's JNDI LoginModule to authentication against an LDAP directory,
+  Use the LdapLoginModule that ships with Shibboleth and is demonstrated below.
+
+  Note, the application identifier MUST be ShibUserPassAuth
+*/
+
+
 ShibUserPassAuth {
+
+// Example LDAP authentication
+// See: https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPass
+/*
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
       host="ldap.example.org"
       base="ou=people,dc=example,dc=org"
       ssl="true"
-      userField="uid"
-   ;
+      userField="uid";
+*/
+
+// Example Kerberos authentication, requires Sun's JVM
+// See: https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPass
+/*
+   com.sun.security.auth.module.Krb5LoginModule required
+      keyTab="/path/to/idp/keytab/file";
+*/
+
 };
\ No newline at end of file