7:03 p.m.
Graeme Gillies created TEIID-2260:
-------------------------------------
Summary: Teiid 8.X ODBC port does not follow security settings
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Steven Hawkins
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc" socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:03 a.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Ramesh Reddy commented on TEIID-2260:
-------------------------------------
transport's authentication needs another attribute "krb5-domain" for
kerberos. See https://docs.jboss.org/author/display/TEIID/Kerberos+support+through+GSSAPI
Either way, the above exposes some error which is by-passing the security.
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Steven Hawkins
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:52 a.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Ramesh Reddy edited comment on TEIID-2260 at 10/11/12 8:51 AM:
---------------------------------------------------------------
transport's authentication needs another attribute "krb5-domain" for
kerberos. See https://docs.jboss.org/author/display/TEIID/Kerberos+support+through+GSSAPI
Either way, the above exposes some error which is by-passing the security.
In the absence of this attribute it will treat the configured security-domain as
CLEATTEXT, I think that domain is letting users through. What I still do not see why it
behaves this way for the ODBC not JDBC
was (Author: rareddy):
transport's authentication needs another attribute "krb5-domain" for
kerberos. See https://docs.jboss.org/author/display/TEIID/Kerberos+support+through+GSSAPI
Either way, the above exposes some error which is by-passing the security.
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Steven Hawkins
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:19 p.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Steven Hawkins updated TEIID-2260:
----------------------------------
Fix Version/s: 8.2
Priority: Blocker (was: Major)
Assignee: Ramesh Reddy (was: Steven Hawkins)
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Ramesh Reddy
Priority: Blocker
Fix For: 8.2
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:21 p.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Ramesh Reddy updated TEIID-2260:
--------------------------------
Git Pull Request: https://github.com/teiid/teiid/pull/3
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Ramesh Reddy
Priority: Blocker
Fix For: 8.2
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:25 p.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Ramesh Reddy resolved TEIID-2260.
---------------------------------
Resolution: Done
In the 8.x, each transport can be configured with their own security domain. The ODBC
layer, underneath uses Embedded transport which by default does not have any security
because it is always considered in VM. However, when ODBC used embedded it ignored the
security domain configured on the ODBC and followed the embedded rules, which was wrong.
Fixed by removing the use of "embedded" transport underneath the ODBC, and
providing a way to directly make connection to server by registering a overridden
connection profile that can be only used by ODBC layer.
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Ramesh Reddy
Priority: Blocker
Fix For: 8.2
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:31 a.m.
[
https://issues.jboss.org/browse/TEIID-2260?page=com.atlassian.jira.plugin...
]
Steven Hawkins closed TEIID-2260.
---------------------------------
Teiid 8.X ODBC port does not follow security settings
-----------------------------------------------------
Key: TEIID-2260
URL: https://issues.jboss.org/browse/TEIID-2260
Project: Teiid
Issue Type: Bug
Components: ODBC
Affects Versions: 8.2
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.7.0_05-icedtea"
OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
jbossas-standalone-7.1.2-8.Final_redhat_1.ep6.el6.noarch (JBoss EAP 6)
Reporter: Graeme Gillies
Assignee: Ramesh Reddy
Priority: Blocker
Fix For: 8.2
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on
eap6
{noformat}
<transport name="jdbc"
socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc"
protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3"
keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore"
password="changeit"/>
</ssl>
</transport>
{noformat}
With out security configuration looking like
{noformat}
<security-domain name="host"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="storeKey"
value="true"/>
<module-option name="useKeyTab"
value="true"/>
<module-option name="principal"
value="HTTP/REMOVED_HOSTNAME(a)REDHAT.COM"/>
<module-option name="keyTab"
value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback"
cache-type="default">
<authentication>
<login-module code="Kerberos"
flag="required">
<module-option name="useTicketCache"
value="true"/>
<module-option name="useKeyTab"
value="false"/>
<module-option name="doNotPrompt"
value="true"/>
<module-option name="debug"
value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM"
cache-type="default">
<authentication>
<login-module code="SPNEGO"
flag="requisite">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="serverSecurityDomain"
value="host"/>
<module-option name="removeRealmFromPrincipal"
value="true"/>
<module-option name="usernamePasswordDomain"
value="fallback"/>
</login-module>
</authentication>
</security-domain>
{noformat}
And the security seems to work as expected for the JDBC connection, but when we try to
connect via ODBC to port 35432 it simply allows us to connect regardless of any
username/password combination we use. We tried even switching back to just basic
username/password login module (against flat files) with same results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
4415
days inactive
4455
days old
6 comments
3 participants
participants (3)
-
Graeme Gillies (JIRA) -
Ramesh Reddy (JIRA)
-
Steven Hawkins (JIRA)