]
Jan Kalina closed WFLY-7340.
----------------------------
Resolution: Rejected
Unable to configure Krb5LoginModule options in elytron kerberos
implementation
------------------------------------------------------------------------------
Key: WFLY-7340
URL:
https://issues.jboss.org/browse/WFLY-7340
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Jan Kalina
Priority: Blocker
Krb5LoginModule options are not configurable. I mean there are some of them exposed
(debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers
will hunt us to provide all of them. Because there are various use-cases out there needing
to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options
https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli...
{code:java}
if (debug) {
options.put("debug", "true");
}
options.put("principal", principal);
final AppConfigurationEntry ace;
if (IS_IBM) {
options.put("noAddress", "true");
options.put("credsType", isServer ? "acceptor" :
"initiator");
options.put("useKeytab", keyTab.toURI().toURL().toString());
ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
} else {
options.put("storeKey", "true");
options.put("useKeyTab", "true");
options.put("keyTab", keyTab.getAbsolutePath());
options.put("isInitiator", isServer ? "false" :
"true");
ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
}
{code}
^ GSSCredentialSecurityFactory
*
http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/s...
*
https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java....