[jboss-jira] [JBoss JIRA] (SECURITY-352) Cache Server Subject

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Tue Jul 24 07:31:09 EDT 2012 

     [ https://issues.jboss.org/browse/SECURITY-352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated SECURITY-352:
--------------------------------------

    Fix Version/s: Negotiation_2_1_2
                       (was: Negotiation_2.1.1)

    
> Cache Server Subject
> --------------------
>
>                 Key: SECURITY-352
>                 URL: https://issues.jboss.org/browse/SECURITY-352
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>            Reporter: Darran Lofthouse
>             Fix For: Negotiation_2_1_2
>
>
> Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue)
> One request for each of the SPNEGO round trips and then one request for the LDAP search.
> Attempts to make use of a local ticket cache failed: -
>            <!--
>            <module-option name="useTicketCache">true</module-option>           
>            <module-option name="renewTGT">true</module-option>
>            <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option>
>            -->
> As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO.
>   <module-option name="storeKey">true</module-option>
> A mechanism to cache the server subject is needed.
> The expiration time of the ticket can be obtained to decide how long to cache the ticket for: -
>       Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
>       for (Object current : privateCredentials)
>       {
>          if (current instanceof KerberosTicket)
>          {
>             KerberosTicket ticket = (KerberosTicket) current;
>             System.out.println(ticket.getEndTime());            
>          }
>       }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list