[jboss-jira] [JBoss JIRA] (SECURITY-352) Cache Server Subject

Darran Lofthouse (JIRA) issues at jboss.org
Wed Apr 23 11:25:40 EDT 2014


     [ https://issues.jboss.org/browse/SECURITY-352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated SECURITY-352:
--------------------------------------

    Fix Version/s: Negotiation_2_1_7
                       (was: Negotiation_2_1_6)

    
> Cache Server Subject
> --------------------
>
>                 Key: SECURITY-352
>                 URL: https://issues.jboss.org/browse/SECURITY-352
>             Project: PicketBox 
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>            Reporter: Darran Lofthouse
>             Fix For: Negotiation_2_1_7
>
>
> Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue).
> One request for each of the SPNEGO round trips and then one request for the LDAP search.
> Attempts to make use of a local ticket cache failed: -
>            <!--
>            <module-option name="useTicketCache">true</module-option>           
>            <module-option name="renewTGT">true</module-option>
>            <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option>
>            -->
> As the keytab had not been read, it meant that the requirements for storeKey were not met; this is needed for SPNEGO.
>   <module-option name="storeKey">true</module-option>
> A mechanism to cache the server subject is needed.
> The expiration time of the ticket can be obtained to decide how long to cache the ticket for: -
>       Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
>       for (Object current : privateCredentials)
>       {
>          if (current instanceof KerberosTicket)
>          {
>             KerberosTicket ticket = (KerberosTicket) current;
>             System.out.println(ticket.getEndTime());            
>          }
>       }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
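
Added example (not part of the original message and not PicketBox code): one way to cache the server subject described above, reusing it until shortly before its earliest Kerberos ticket expires so that each request does not trigger new AS-REQs. The class name ServerSubjectCache, the login callback and the safety margin are assumptions made for illustration.

```java
import java.util.Date;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;

/** Hypothetical helper: holds one server Subject in memory and re-logs in only near ticket expiry. */
public final class ServerSubjectCache {
    // Assumed callback that performs the JAAS login (e.g. LoginContext.login() then getSubject()).
    private final Callable<Subject> login;
    private final long marginMillis;   // refresh this long before the ticket actually expires
    private Subject cached;            // holds private credentials: keep in memory, never serialize or log
    private long validUntil;           // epoch millis; anything <= now forces a fresh login

    public ServerSubjectCache(Callable<Subject> login, long marginMillis) {
        this.login = login;
        this.marginMillis = marginMillis;
    }

    /** Returns the cached Subject, logging in again only when it is missing or about to expire. */
    public synchronized Subject get() throws Exception {
        long now = System.currentTimeMillis();
        if (cached == null || now >= validUntil) {
            Subject fresh = login.call();          // one login serves SPNEGO and the LDAP search
            validUntil = earliestEndTime(fresh) - marginMillis;
            cached = fresh;
        }
        return cached;
    }

    /** Earliest end time of any live KerberosTicket; 0 if none, so a ticketless Subject is never reused. */
    static long earliestEndTime(Subject subject) {
        long earliest = Long.MAX_VALUE;
        boolean found = false;
        for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (ticket.isDestroyed()) {
                continue;                          // destroyed tickets carry no usable end time
            }
            Date end = ticket.getEndTime();
            if (end != null) {
                earliest = Math.min(earliest, end.getTime());
                found = true;
            }
        }
        return found ? earliest : 0L;
    }
}
```

With storeKey=true the cached Subject also carries the service's long-term keys, so the cache should live only as long as the server process and be dropped on shutdown or keytab rotation.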

