[teiid-issues] [JBoss JIRA] (TEIID-2013) Teiid with GSSAPI/kerberos authentication, remove need for jdbc clients to specify -Djava.security.krb5.realm and -Djava.security.krb5.kdc
[
https://issues.jboss.org/browse/TEIID-2013?page=com.atlassian.jira.plugin...
]
Ramesh Reddy resolved TEIID-2013.
---------------------------------
Resolution: Done
Fixed the code to allow GSS login with "java.security.krb5.conf" property,
however did not add any code to define the default location of the krb5.conf in different
operating systems. user must define either "java.security.krb5.conf" or KDC and
REALM proeprties. Not both.
Teiid with GSSAPI/kerberos authentication, remove need for jdbc
clients to specify -Djava.security.krb5.realm and -Djava.security.krb5.kdc
------------------------------------------------------------------------------------------------------------------------------------------
Key: TEIID-2013
URL: https://issues.jboss.org/browse/TEIID-2013
Project: Teiid
Issue Type: Enhancement
Components: JDBC Driver
Affects Versions: 7.6
Environment: Teiid 7.6 and above
Reporter: Graeme Gillies
Assignee: Ramesh Reddy
Fix For: 8.1
Currently any clients connecting to teiid with GSSAPI authentication need to specify the
following JVM properties
-Djava.security.krb5.realm
-Djava.security.krb5.kdc
Not specifying them causes errors saying to specify these properties. Other Java
GSSAPI/kerberos projects (for example, jboss negotiation, [1]) don't need these
properties to be set, instead seem to pull the values from /etc/krb5.conf (normal system
kerberos configuration file) as needed. This is extremely ideal, as it allows sysadmins to
change kerberos configuration for an entire system easily at once (for example, to use a
new kdc) without having to then also manually reconfigure java clients.
I've done some digging and it looks like a property exists called
java.security.krb5.conf [2] which can take a String pointing to a krb5.conf file, in order
to get the information needed for for kerberos auth. Is it possible to modify teiid jdbc
driver so that if the realm/kdc properties aren't set, then it will automatically look
for the system default krb5.conf (/etc/krb5.conf in linux, not sure what it is in windows)
and set java.security.krb5.conf (unless it's already set to the OS default?) to that
value and then get the client to work with that?
[1] https://community.jboss.org/wiki/JBossNegotiation
[2]
http://stackoverflow.com/questions/1431999/java-and-kerberos-authenticati...
This would greatly streamline the configuration needed for teiid JDBC clients with
GSSAPI.
Thanks in advance,
Graeme
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira