[jboss-jira] [JBoss JIRA] (WFLY-5131) Kerberos authentication for remoting EJB without interaction does not fallback correctly

Darran Lofthouse (JIRA) issues at jboss.org
Mon Oct 5 13:04:00 EDT 2015 

    [ https://issues.jboss.org/browse/WFLY-5131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13115141#comment-13115141 ] 

Darran Lofthouse commented on WFLY-5131:
----------------------------------------

Reviewing this would need more information to reproduce the actual scenario you are seeing.  However this is most likely something that can be solved with a custom JAAS configuration.

The following Java example shows how a custom JAAS configuration can be used on the client side, the Kerberos login module can then be configured to disable prompting for a username and password: -

https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/BasicClientServer.html#useSub

> Kerberos authentication for remoting EJB without interaction does not fallback correctly
> ----------------------------------------------------------------------------------------
>
>                 Key: WFLY-5131
>                 URL: https://issues.jboss.org/browse/WFLY-5131
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Security
>    Affects Versions: 10.0.0.Beta1
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>
> In case when kerberos authentication with properties fallback is correctly configured in security realm and user without correct kerberos ticket tries to invoke EJB via EJB client, then EJB client asks for kerberos username in interactive mode. It works correctly when user interacts with this mode but it causes inconvenience for access without user interaction. Fallback cannot be taken into account because EJB invocation stucks in interactive mode which leads to RuntimeException: Operation failed with status WAITING. There should be any possibility how to disable interactive mode for users which invoke EJB without kerberos.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list