Skip to main content
Version: 8.2405.x.x RR

Configuration files

For command shortcuts editing the configuration files, see the administrative command-line interface.

The following configuration files control the behavior of nevisAuth:

  • env.conf

    Process environment:

    • JAVA_HOME (optional): use the specified JRE/JDK
    • JAVA_OPTS: JVM command-line options
      • Heap size
      • Garbage collector
      • JSSE configuration properties
      • JNDI configuration properties
    • CLASSPATH (optional): JVM classpath. The JVM classpath is considered at server startup. It may be used to provide libraries that are required at server startup, for example security libraries such as Securosys.

    Example: CLASSPATH="/var/opt/nevisauth/<instance>/lib/*:

  • nevisauth.yml

    Server configuration:

    • Scaling (concurrency with worker threads)
    • Network settings (host, port, protocol, TLS, etc.)
  • log4j.xml

    Logging configuration:

    • Configuration of log levels for individual components
    • Audit channel if the file rotation policy or output file needs to be customized
  • esauth4.xml

    The AuthEngine and AuthStates are configured in the esauth4.xml file. The schema esauth4.dtd is used to validate this configuration. It contains a complete reference to all possible configuration attributes and the values for the built-in defaults.

    For more detail see the components and plugins sections.


    Contains the built-in language support for the default esauth4.xml configuration. See Language support for details.


    Contains additional Java cryptographic providers to be loaded for HSM support. The following providers are supported:

    • Sun Java 1.5 PKCS#11 provider, limited support due to implementation restrictions, for example, keys and certificates with different labels and multiple copies of the same certificate are not supported)
    • IBM PKCS#11 provider

    We recommend adding additional PKCS#11 providers with low priority to prevent side effects.

  • pkcs11.cfg

    This file is referenced by if the JRE PKCS#11 layer needs to be configured. It contains vendor specific driver settings: the PKCS#11 driver library to load, and special settings how JRE should access the driver.

  • java-krb5.conf

    This configuration file is required by the Kerberos support of Java.

    See Integrating with a Kerberos environment - AD.


    This configuration file is required by the FrontendKerberosAuthState.

    See Integrating with a Kerberos environment - AD.


The configuration files are located under: /var/opt/nevisauth/<instance>/conf