[jboss-jira] [JBoss JIRA] Created: (SECURITY-352) Cache Server Subject

[Darran Lofthouse (JIRA)]

Cache Server Subject
--------------------

                 Key: SECURITY-352
                 URL: https://jira.jboss.org/jira/browse/SECURITY-352
             Project: JBoss Security and Identity Management
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Negotiation
            Reporter: Darran Lofthouse
            Assignee: Darran Lofthouse
             Fix For: Negotiation_2.0.4.GA


Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue)

One request for each of the SPNEGO round trips and then one request for the LDAP search.

Attempts to make use of a local ticket cache failed: -

           <!--
           <module-option name="useTicketCache">true</module-option>           
           <module-option name="renewTGT">true</module-option>
           <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option>
           -->

As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO.

  <module-option name="storeKey">true</module-option>

A mechanism to cache the server subject is needed.

The expiration time of the ticket can be obtained to decide how long to cache the ticket for: -

      Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
      for (Object current : privateCredentials)
      {
         if (current instanceof KerberosTicket)
         {
            KerberosTicket ticket = (KerberosTicket) current;
            System.out.println(ticket.getEndTime());            
         }
      }


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira