Since: API level 23
public static class

AuthenticationConfig.AuthenticationRequestKeys

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.container.AuthenticationConfig.AuthenticationRequestKeys

Deprecated in API level 33

Class Overview

This class contains a set of string constants which serve as keys to provide the parameters needed to authenticate users. These keys can be used in a Bundle and provided as arguments to setAuthenticatorConfig methods. MDM administrators have to provide these values based on the requirements of the authentication for the enterprise identity.

Since
API level 23
MDM 5.9

Summary

Constants
String ADMIN_SERVER Deprecated in API level 33
String CANONICALIZE Deprecated in API level 33
String DEFAULT_DOMAIN Deprecated in API level 33
String DEFAULT_REALM Deprecated in API level 33
String DNS_CANONICALIZE_HOSTNAME Deprecated in API level 33
String DNS_LOOKUP_KDC Deprecated in API level 33
String DNS_LOOKUP_REALM Deprecated in API level 33
String FEDERATION_SERVER_URL Deprecated in API level 33
String FORWARDABLE Deprecated in API level 33
String KDC Deprecated in API level 33
String KPASSWD_SERVER Deprecated in API level 33
String KRB5_CONFIG_DATA Deprecated in API level 33
String MASTER_KDC Deprecated in API level 33
String NOADDRESSES Deprecated in API level 33
String PKINIT_ANCHORS Deprecated in API level 33
String PKINIT_IDENTITIES Deprecated in API level 33
String RDNS Deprecated in API level 33
String RENEW_LIFETIME Deprecated in API level 33
String TICKET_LIFETIME Deprecated in API level 33
String UDP_PREFERENCE_LIMIT Deprecated in API level 33
Public Constructors
AuthenticationRequestKeys()
Inherited Methods
From class java.lang.Object

Constants

public static final String ADMIN_SERVER

Since: API level 23

Deprecated in API level 33

Use this key to specify the host where the administration server is running. Typically, this is the master Kerberos server. This tag must be given a value in order to communicate with the kadmind server for the realm.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_ADMIN_SERVER"

public static final String CANONICALIZE

Since: API level 23

Deprecated in API level 33

Use this key to set the canonicalize flag to true or false. If this flag is set to true, initial ticket requests to the KDC will request canonicalization of the client principal name, and answers with different client principals than the requested principal will be accepted. The default value is false.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_CANONICALIZE"

public static final String DEFAULT_DOMAIN

Since: API level 23

Deprecated in API level 33

Use this key to specify the domain used to expand hostnames when translating Kerberos 4 service principals to Kerberos 5 principals (for example, when converting rcmd.hostname to host/hostname.domain).

Since
API level 23
MDM 5.9
Constant Value: "REALMS_DEFAULT_DOMAIN"

public static final String DEFAULT_REALM

Since: API level 23

Deprecated in API level 33

Use this key to provide the default Kerberos realm for the client. Set its value to your Kerberos realm. If this value is not set, then a realm must be specified with every Kerberos principal when invoking programs such as kinit.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_DEFAULT_REALM"

public static final String DNS_CANONICALIZE_HOSTNAME

Since: API level 23

Deprecated in API level 33

Use this key to set the hostname canonicalize flag to true or false. Indicate whether name lookups will be used to canonicalize hostnames for use in service principal names. Setting this flag to false can improve security by reducing reliance on DNS, but means that short hostnames will not be canonicalized to fully-qualified hostnames. The default value is true.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_DNS_CANONICALIZE_HOSTNAME"

public static final String DNS_LOOKUP_KDC

Since: API level 23

Deprecated in API level 33

Use this key to indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the krb5.conf information for the realm. Enabling this option does open up a type of denial-of-service attack, if someone spoofs the DNS records and redirects you to another server. However, it's no worse than a denial of service, because that fake KDC will be unable to decode anything you send it (besides the initial ticket request, which has no encrypted data), and anything the fake KDC sends will not be trusted without verification using some secret that it won't know.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_DNS_LOOKUP_KDC"

public static final String DNS_LOOKUP_REALM

Since: API level 23

Deprecated in API level 33

Use this key to set the default DNS lookup realm to true or false.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_DNS_LOOKUP_REALM"

public static final String FEDERATION_SERVER_URL

Since: API level 23

Deprecated in API level 33

Use this key to specify the federation server URL.

Since
API level 23
MDM 5.9
Constant Value: "FEDERATION_SERVER_URL"

public static final String FORWARDABLE

Since: API level 23

Deprecated in API level 33

Use this key to set the forwardable flag. If this flag is true, initial tickets will be forwardable by default, if allowed by the KDC. The default value is false.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_FORWARDABLE"

public static final String KDC

Since: API level 23

Deprecated in API level 33

Use this key to specify the name or address of a host running a KDC for that realm. An optional port number, separated from the hostname by a colon, may be included. If the name or address contains colons (for example, if it is an IPv6 address), enclose it in square brackets to distinguish the colon from a port separator. For your computer to be able to communicate with the KDC for each realm, this tag must be given a value in each realm subsection in the configuration file, or there must be DNS SRV records specifying the KDCs.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_KDC"
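
A check over the settings described above for CANONICALIZE, DNS_CANONICALIZE_HOSTNAME, DNS_LOOKUP_KDC and KDC, as an added example that is not part of the Knox SDK or of this reference. It works on a plain Map keyed by the constant values listed on this page; the class name, the string encoding of the flags, the treatment of an absent DNS_LOOKUP_KDC key and the sample values are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
public class KerberosKeyAudit {
    // Key strings are the "Constant Value" entries listed on this page.
    static final String KDC = "REALMS_KDC";
    static final String CANONICALIZE = "LIBDEFAULTS_CANONICALIZE";
    static final String DNS_CANON_HOST = "LIBDEFAULTS_DNS_CANONICALIZE_HOSTNAME";
    static final String DNS_LOOKUP_KDC = "LIBDEFAULTS_DNS_LOOKUP_KDC";
    // Assumption: flags travel as "true"/"false" strings; an absent key takes the given default.
    static boolean flag(Map<String, String> cfg, String key, boolean dflt) {
        String v = cfg.get(key);
        return v == null ? dflt : Boolean.parseBoolean(v.trim());
    }

    static List<String> audit(Map<String, String> cfg) {
        List<String> findings = new ArrayList<>();
        String kdc = cfg.getOrDefault(KDC, "").trim();
        if (kdc.isEmpty()) {
            // No listed KDC: only DNS SRV records can locate it. Assumption: absent flag = not enabled.
            findings.add(flag(cfg, DNS_LOOKUP_KDC, false)
                ? "KDC discovery relies on DNS SRV records; spoofed records can redirect requests (denial of service)"
                : "no KDC listed and DNS SRV lookup not explicitly enabled; the realm's KDC may not be locatable");
        } else if (!kdc.startsWith("[") && kdc.indexOf(':') != kdc.lastIndexOf(':')) {
            findings.add("KDC value has several colons but no brackets; write an IPv6 address as [addr]:port");
        }
        if (flag(cfg, DNS_CANON_HOST, true)) {   // documented default: true
            findings.add("service principal names depend on DNS lookups; set the flag to false and use FQDNs");
        }
        if (flag(cfg, CANONICALIZE, false)) {    // documented default: false
            findings.add("client principal canonicalization is on; replies naming a different principal are accepted");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        Map<String, String> cfg = new LinkedHashMap<>();
        cfg.put(DNS_LOOKUP_KDC, "true");
        cfg.put(CANONICALIZE, "true");
        audit(cfg).forEach(f -> System.out.println("FINDING: " + f));
        cfg.put(KDC, "[2001:db8::10]:88");   // bracketed IPv6 literal with port
        cfg.put(DNS_LOOKUP_KDC, "false");
        cfg.put(DNS_CANON_HOST, "false");
        cfg.put(CANONICALIZE, "false");
        System.out.println("findings after pinning the KDC: " + audit(cfg).size());
    }
}
```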

public static final String KPASSWD_SERVER

Since: API level 23

Deprecated in API level 33

Use this key to specify the server where all the password changes are performed. If there is no such entry, the port 464 on the admin_server host will be tried.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_KPASSWD_SERVER"

public static final String KRB5_CONFIG_DATA

Since: API level 23

Deprecated in API level 33

Use this key to specify the entire configuration details in the form of a byte array.

Since
API level 23
MDM 5.9
Constant Value: "KRB5_CONFIG_DATA"

public static final String MASTER_KDC

Since: API level 23

Deprecated in API level 33

Use this key to specify the master KDC(s). Currently, this tag is used in only one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user's password has just been changed, and the updated database has not been propagated to the slave servers yet.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_MASTER_KDC"

public static final String NOADDRESSES

Since: API level 23

Deprecated in API level 33

Use this key to set the no-addresses flag to true or false. If this flag is true, requests for initial tickets will not be made with address restrictions set, allowing the tickets to be used across NATs. The default value is true.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_NOADDRESSES"

public static final String PKINIT_ANCHORS

Since: API level 23

Deprecated in API level 33

Use this key to specify the location of trusted anchor (root) certificates which the client trusts to sign KDC certificates. This option may be specified multiple times. These values from the config file are not used if the user specifies X509_anchors on the command line.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_PKINIT_ANCHORS"

public static final String PKINIT_IDENTITIES

Since: API level 23

Deprecated in API level 33

Use this key to specify the location(s) to be used to find the user's X.509 identity information. This option may be specified multiple times. Each value is attempted in order until identity information is found and authentication is attempted. Note that these values are not used if the user specifies X509_user_identity on the command line.

Since
API level 23
MDM 5.9
Constant Value: "REALMS_PKINIT_IDENTITIES"

public static final String RDNS

Since: API level 23

Deprecated in API level 33

Use this key to set the reverse DNS lookup flag to true or false. If this flag is true, reverse name lookup will be used in addition to forward name lookup to canonicalize hostnames for use in service principal names.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_RDNS"

public static final String RENEW_LIFETIME

Since: API level 23

Deprecated in API level 33

Use this key to set the default renewable lifetime for initial ticket requests. The default value is 0.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_RENEW_LIFETIME"

public static final String TICKET_LIFETIME

Since: API level 23

Deprecated in API level 33

Use this key to set the default lifetime for initial ticket requests. The default value is 1 day.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_TICKET_LIFETIME"

public static final String UDP_PREFERENCE_LIMIT

Since: API level 23

Deprecated in API level 33

Use this key to specify the UDP preference limit. When sending a message to the KDC, the library will try using TCP before UDP if the size of the message is above udp_preference_limit. If the message is smaller than udp_preference_limit, then UDP will be tried before TCP. Regardless of the size, both protocols will be tried if the first attempt fails.

Since
API level 23
MDM 5.9
Constant Value: "LIBDEFAULTS_UDP_PREFERENCE_LIMIT"

Public Constructors

public AuthenticationRequestKeys ()

Since: API level 23