[
https://issues.jboss.org/browse/TEIID-2863?page=com.atlassian.jira.plugin...
]
Steven Hawkins commented on TEIID-2863:
---------------------------------------
In stacking model, it security-domains are tried to login
sequentially one after other.
Suppose we want to do kerberos or file logins, if I have a security domain with the
kerberos login module first and marked as optional (with the storepass option enabled) as
below:
{code}
<login-module code="Kerberos" flag="optional">
<module-option
name="storeKey">true</module-option>
<module-option
name="storePass">true</module-option>
<module-option
name="useKeyTab">true</module-option>
<module-option
name="principal">demo(a)EXAMPLE.COM</module-option>
<module-option
name="keyTab">path/to/krb5.keytab</module-option>
<module-option
name="doNotPrompt">true</module-option>
<module-option
name="debug">false</module-option>
</login-module>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="usersProperties"
value="${jboss.server.config.dir}/teiid-security-users.properties"/>
<module-option name="rolesProperties"
value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
</login-module>
</authentication>
{code}
Then if we authenticate into kerberos, then useFirstPass option will allow us to pick up
the roles from the roles file. Otherwise the security-domain will use file
authentication.
What this is hopefully getting at is that the auth type ideally should be associated with
the vdb/user - and not with the security domain.
So the question is which one we want to support?
I'm not sure what you mean. I would like the ODBC/JDBC approach to be the same (or at
least similar) if possible, so given a vdb/user the server should make a determination of
what auth type to use, then log the user into the security domain associated with the vdb
using that auth type.
Allow both gssapi and username/password authentication on the same
transport
----------------------------------------------------------------------------
Key: TEIID-2863
URL:
https://issues.jboss.org/browse/TEIID-2863
Project: Teiid
Issue Type: Enhancement
Components: Server
Reporter: Steven Hawkins
Assignee: Steven Hawkins
With GSSAPI support enabled, username/password support on the same transport is
effectively disabled. JDBC/ODBC should ideally support both on the same transport.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira