[
https://issues.jboss.org/browse/SECURITY-352?page=com.atlassian.jira.plug...
]
Darran Lofthouse updated SECURITY-352:
--------------------------------------
Fix Version/s: Negotiation_2_1_2
(was: Negotiation_2.1.1)
Cache Server Subject
--------------------
Key: SECURITY-352
URL:
https://issues.jboss.org/browse/SECURITY-352
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Negotiation
Reporter: Darran Lofthouse
Fix For: Negotiation_2_1_2
Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue)
One request for each of the SPNEGO round trips and then one request for the LDAP search.
Attempts to make use of a local ticket cache failed: -
<!--
<module-option
name="useTicketCache">true</module-option>
<module-option name="renewTGT">true</module-option>
<module-option
name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option>
-->
As the keytab had not been read it meant that the requirements for storeKey were not met,
this is needed for SPNEGO.
<module-option name="storeKey">true</module-option>
A mechanism to cache the server subject is needed.
The expiration time of the ticket can be obtained to decide how long to cache the ticket
for: -
Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
for (Object current : privateCredentials)
{
if (current instanceof KerberosTicket)
{
KerberosTicket ticket = (KerberosTicket) current;
System.out.println(ticket.getEndTime());
}
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira