3. Configuration

There are a few configuration options for the Kerberos plugin.

The plugin uses the Kerberos/SPNEGO Spring Security extension and the most relevant information about it can be found in this blog post.

All of these property overrides must be specified in grails-app/conf/Config.groovy using the grails.plugins.springsecurity suffix, for example
grails.plugins.springsecurity.kerberos.debug = true

There are two required properties:
kerberos.ticketValidator.servicePrincipalnone, requiredthe web application service principal, e.g. HTTP/www.example.com@EXAMPLE.COM
kerberos.ticketValidator.keyTabLocationnone, requiredthe URL to the location of the keytab file containing the service principal's credentials, e.g. file:///etc/http-web.keytab

and three optional properties:

kerberos.configLocationnullThe location of the Kerberos config file. Leave unset to use the default location (e.g. /etc/krb5.conf, c:winntkrb5.ini, /etc/krb5/krb5.conf)
kerberos.debugfalseif true enables debug logs from the Sun Kerberos Implementation
kerberos.ticketValidator.debugfalseif true enables ticket validator debug messages