Unable to configure Krb5LoginModule options in elytron kerberos implementation ------------------------------------------------------------------------------ Key: WFLY-7340 URL: https://issues.jboss.org/browse/WFLY-7340 Project: WildFly Issue Type: Bug Components: Security Affects Versions: 11.0.0.Alpha1 Reporter: Martin Choma Priority: Blocker Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli... {code:java} if (debug) { options.put("debug", "true"); } options.put("principal", principal); final AppConfigurationEntry ace; if (IS_IBM) { options.put("noAddress", "true"); options.put("credsType", isServer ? "acceptor" : "initiator"); options.put("useKeytab", keyTab.toURI().toURL().toString()); ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options); } else { options.put("storeKey", "true"); options.put("useKeyTab", "true"); options.put("keyTab", keyTab.getAbsolutePath()); options.put("isInitiator", isServer ? "false" : "true"); ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options); } {code} * http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/s... * https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java....