[JBoss JIRA] (TEIID-4183) MSSQL JDBC driver invalidates kerberos ticket on Connection.close()

Wednesday, 15 June 2016

    [
https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin...
] 

Van Halbert commented on TEIID-4183:
------------------------------------

dditional option "wrapGSSCredential=true" for login module
org.teiid.jboss.PassthroughIdentityLoginModule is supposed to be a workaround. But
Teiid/MSSQL driver throws exception [1] with that option.

[1]
org.teiid.jdbc.TeiidSQLException: TEIID30498 Remote
org.teiid.api.exception.query.QueryPlannerException: TEIID30498 Capabilities for BQT were
not available.  The command could not be planned properly.
	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
	at org.teiid.jdbc.StatementImpl.postReceiveResults(StatementImpl.java:706)
	at org.teiid.jdbc.StatementImpl.access$100(StatementImpl.java:64)
	at org.teiid.jdbc.StatementImpl$2.onCompletion(StatementImpl.java:545)
	at org.teiid.client.util.ResultsFuture.done(ResultsFuture.java:135)
	at org.teiid.client.util.ResultsFuture.access$200(ResultsFuture.java:40)
	at 

...
 MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
 -------------------------------------------------------------------

                 Key: TEIID-4183
                 URL: https://issues.jboss.org/browse/TEIID-4183
             Project: Teiid
          Issue Type: Bug
    Affects Versions: 8.12.x, 8.7.5.6_2
            Reporter: Juraj Duráni
            Assignee: Ramesh Reddy
             Fix For: 9.0, 8.12.5

 MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla
\[1\]).
 If user creates kerberos connection, driver invalidates ticket on closing connection
(Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround
for this by adding module option *wrapGSSCredential=true* with additional setting
*credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
 However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does
not work, because passed ticket is not managed by EAP but by client.
 \[1\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276
 \[2\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
 \[3\] https://issues.jboss.org/browse/SECURITY-905
 \[4\] https://issues.jboss.org/browse/JBEAP-843
 \[5\]
https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79...

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009