Darran Lofthouse updated SECURITY-352:
Fix Version/s: Negotiation_2_1_2
Cache Server Subject
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Reporter: Darran Lofthouse
Fix For: Negotiation_2_1_2
Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue).
One request for each of the SPNEGO round trips and then one request for the LDAP search.
Attempts to make use of a local ticket cache failed:
As the keytab had not been read it meant that the requirements for storeKey were not met,
this is needed for SPNEGO.
A mechanism to cache the server subject is needed.
The expiration time of the ticket can be obtained to decide how long to cache the ticket:
    Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
    for (Object current : privateCredentials) {
        if (current instanceof KerberosTicket) {
            KerberosTicket ticket = (KerberosTicket) current;
            // ticket.getEndTime() is the expiry that bounds how long the subject may be cached
        }
    }
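
One way to implement the caching mechanism requested above (an added example, not PicketBox or JBoss Negotiation code). The class name ServerSubjectCache, the JAAS entry name passed to it and the 60-second safety margin are assumptions.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper: keeps the server Subject until shortly before its ticket expires. */
public final class ServerSubjectCache {
    // Assumed margin so a ticket is never used in its last seconds of validity.
    private static final long SAFETY_MARGIN_MS = 60_000L;

    private final String loginConfigName; // JAAS entry for the server identity (assumed name)
    private Subject cached;               // held in memory only: it carries the server's keys
    private long validUntil;              // epoch millis after which a new login is forced

    public ServerSubjectCache(String loginConfigName) {
        this.loginConfigName = loginConfigName;
    }

    /** Returns the cached Subject; logs in again only when nothing is cached or expiry is near. */
    public synchronized Subject getServerSubject() throws LoginException {
        long now = System.currentTimeMillis();
        if (cached == null || now >= validUntil) {
            LoginContext lc = new LoginContext(loginConfigName);
            lc.login(); // within this class, the Kerberos login happens only here
            Subject fresh = lc.getSubject();
            validUntil = earliestExpiry(fresh) - SAFETY_MARGIN_MS;
            cached = fresh;
        }
        return cached;
    }

    /** Earliest end time over all Kerberos tickets held as private credentials. */
    static long earliestExpiry(Subject subject) {
        long earliest = Long.MAX_VALUE;
        for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
            Date end = ticket.getEndTime();
            if (end != null) {
                earliest = Math.min(earliest, end.getTime());
            }
        }
        // No ticket present: return 0 so the Subject is never served from the cache.
        return earliest == Long.MAX_VALUE ? 0L : earliest;
    }
}
```

The cached Subject contains the service's secret keys when storeKey is enabled, so it should stay in process memory and never be serialized or shared across trust boundaries.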