[JBoss JIRA] (JBDS-3188) Support of krb5-principal keys in openshift-java-client (eclipse)

Wednesday, 17 December 2014

    [
https://issues.jboss.org/browse/JBDS-3188?page=com.atlassian.jira.plugin....
] 

Andre Dietisheim edited comment on JBDS-3188 at 12/17/14 10:01 AM:
-------------------------------------------------------------------

The server side of the krb5 authentication can be found here:
https://github.com/vindir/openshift-external-postgresql-cartridge/blob/ma...

{code:ruby}
def login(request, params, cookies)
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
data = JSON.parse(params['json_data'])
return authenticate(request, data['rhlogin'], params['password'])
end
end

def authenticate(request, login, password)
params = request.request_parameters()
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? ||
password.empty?
krb5 = Krb5.new
# get the default realm
default_realm = krb5.get_default_realm
Rails.logger.debug "Default realm is: " + default_realm
# try to cache non-existant data (this should fail and throw an exception)
begin
krb5.cache
rescue Krb5Auth::Krb5::Exception
Rails.logger.debug "Failed caching credentials before obtaining them.
Continuing..."
end
if krb5.get_init_creds_password(login,password)
krb5.close
return {:username => login, :auth_method => :login}
else
krb5.close
raise OpenShift::AccessDeniedException
end
end
end
{code}

was (Author: adietish):
The server side of the krb5 authentication can be found here: 

{code:title=https://github.com/vindir/openshift-external-postgresql-cartridge/blob/master/plugins/auth/kerberos/lib/openshift/kerberos_auth_service.rb#L108}
def login(request, params, cookies)
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
data = JSON.parse(params['json_data'])
return authenticate(request, data['rhlogin'], params['password'])
end
end

def authenticate(request, login, password)
params = request.request_parameters()
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? ||
password.empty?
krb5 = Krb5.new
# get the default realm
default_realm = krb5.get_default_realm
Rails.logger.debug "Default realm is: " + default_realm
# try to cache non-existant data (this should fail and throw an exception)
begin
krb5.cache
rescue Krb5Auth::Krb5::Exception
Rails.logger.debug "Failed caching credentials before obtaining them.
Continuing..."
end
if krb5.get_init_creds_password(login,password)
krb5.close
return {:username => login, :auth_method => :login}
else
krb5.close
raise OpenShift::AccessDeniedException
end
end
end
{code}

...
  Support of krb5-principal keys in openshift-java-client (eclipse)
 ------------------------------------------------------------------

                 Key: JBDS-3188
                 URL: https://issues.jboss.org/browse/JBDS-3188
             Project: Developer Studio (JBoss Developer Studio)
          Issue Type: Feature Request
          Components: openshift
    Affects Versions: 8.0.x
            Reporter: Christos Triantafyllidis
            Assignee: Max Rydahl Andersen

 The openshift-java-client which is used by the eclipse plugin doesn't support this
krb5-principal keys.
 This request is to be able to clone/pull/push updates to openshift application
repositories when krb5 credentials are already available and the openshift broker supports
krb5 authentication.

https://github.com/openshift/openshift-java-client/blob/master/src/main/j...

--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006