[jboss-jira] [JBoss JIRA] (WFCORE-820) Attribute for-hosts for Security Realm with Kerberos does not select keytab in defined order

RH Bugzilla Integration (JIRA) issues at jboss.org
Fri Aug 28 04:15:06 EDT 2015


    [ https://issues.jboss.org/browse/WFCORE-820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13102999#comment-13102999 ] 

RH Bugzilla Integration commented on WFCORE-820:
------------------------------------------------

Tomas Hofman <thofman at redhat.com> changed the Status of [bug 1228228|https://bugzilla.redhat.com/show_bug.cgi?id=1228228] from ASSIGNED to CLOSED

> Attribute for-hosts for Security Realm with Kerberos does not select keytab in defined order
> --------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-820
>                 URL: https://issues.jboss.org/browse/WFCORE-820
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 2.0.0.Alpha9
>            Reporter: Tomas Hofman
>            Assignee: Tomas Hofman
>             Fix For: 2.0.0.Alpha11
>
>
> This was cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1228228
> Attribute for-hosts for Security realm with Kerberos does not select the keytab in the order described in $EAP_SERVER/docs/schema/jboss-as-config_1_7.xsd (beginning on line 456).
> According to this XSD, hostname values from for-hosts attributes (steps 1. and 2.) are iterated before values obtained from the principal (steps 3. and 4.). When a keytab element (denoted keytab1) contains a for-hosts attribute with hostname EXAMPLE and another keytab element (denoted keytab2) contains principal HTTP/EXAMPLE@SOMETHING.COM, keytab2 is selected instead of keytab1. This means step 3. is performed before step 2.
> Configuration for the example above:
> {code:xml}
> <server-identities>
>     <kerberos>
>         <keytab principal="HTTP/ANYVALUE@SOMETHING.COM" path="/path/to/krb1.keytab" for-hosts="EXAMPLE"/>
>         <keytab principal="HTTP/EXAMPLE@SOMETHING.COM" path="/path/to/krb2.keytab" for-hosts="SOMEHOST"/>
>     </kerberos>
> </server-identities>
> {code}
> When the hostname in for-hosts also contains the protocol (HTTP/EXAMPLE instead of EXAMPLE), it works correctly.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
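
An added example, not part of the original report and not WildFly's code: a Python model of the keytab selection order the report describes, run over the reported configuration, with a check that flags entries whose result depends on whether step 2 or step 3 runs first. The four step predicates, whitespace-separated for-hosts values and exact-case matching are assumptions inferred from the report, which names the steps without quoting the XSD.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <server-identities> fragment from the report.
CONFIG = """<server-identities><kerberos>
  <keytab principal="HTTP/ANYVALUE@SOMETHING.COM" path="/path/to/krb1.keytab" for-hosts="EXAMPLE"/>
  <keytab principal="HTTP/EXAMPLE@SOMETHING.COM" path="/path/to/krb2.keytab" for-hosts="SOMEHOST"/>
</kerberos></server-identities>"""

def load_keytabs(xml_text):
    """Parse <keytab> elements (with or without an XML namespace)."""
    keytabs = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "keytab":
            continue
        service = el.get("principal", "").split("@", 1)[0]  # e.g. HTTP/EXAMPLE
        keytabs.append({
            "path": el.get("path"),
            "for_hosts": el.get("for-hosts", "").split(),   # assumed whitespace-separated
            "service": service,
            "principal_host": service.split("/", 1)[-1],
        })
    return keytabs

# Assumed step predicates; the report only says 1-2 use for-hosts, 3-4 the principal.
STEPS = {
    1: lambda k, proto, host: f"{proto}/{host}" in k["for_hosts"],
    2: lambda k, proto, host: host in k["for_hosts"],
    3: lambda k, proto, host: k["service"] == f"{proto}/{host}",
    4: lambda k, proto, host: k["principal_host"] == host,
}
DOCUMENTED = (1, 2, 3, 4)  # order the report attributes to the XSD
REPORTED = (1, 3, 2, 4)    # "step 3. is performed before step 2." (position of 1 assumed)

def select(keytabs, proto, host, order):
    """Return the path of the first keytab matched, trying steps in `order`."""
    for step in order:
        for k in keytabs:
            if STEPS[step](k, proto, host):
                return k["path"]
    return None

def order_sensitive_hosts(keytabs):
    """Bare hostnames in one entry's for-hosts that equal another entry's principal host."""
    return sorted({h for a in keytabs for b in keytabs if a is not b
                   for h in a["for_hosts"] if h == b["principal_host"]})

if __name__ == "__main__":
    kts = load_keytabs(CONFIG)
    for name, order in (("documented", DOCUMENTED), ("reported", REPORTED)):
        print(name, "->", select(kts, "HTTP", "EXAMPLE", order))
    print("order-sensitive hosts:", order_sensitive_hosts(kts))
```
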