[jboss-jira] [JBoss JIRA] (WFLY-5131) Kerberos authentication for remoting EJB without interaction does not fallback correctly

Darran Lofthouse (JIRA) issues at jboss.org
Mon Oct 5 13:31:00 EDT 2015


     [ https://issues.jboss.org/browse/WFLY-5131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFLY-5131.
------------------------------------
    Resolution: Rejected


As described in my last comment this behaviour needs to be defined in a custom JAAS configuration, here is the example working in my local environment: -

{noformat}
com.sun.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
      useTicketCache=true
      doNotPrompt=true;
};
{noformat}

Within the CLI we have been able to handle this automatically - however for EJB clients we are not running without our own process so we can not insert JAAS configuration in the same way.

> Kerberos authentication for remoting EJB without interaction does not fallback correctly
> ----------------------------------------------------------------------------------------
>
>                 Key: WFLY-5131
>                 URL: https://issues.jboss.org/browse/WFLY-5131
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Security
>    Affects Versions: 10.0.0.Beta1
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>
> In the case when Kerberos authentication with properties fallback is correctly configured in the security realm and a user without a correct Kerberos ticket tries to invoke an EJB via the EJB client, the EJB client asks for the Kerberos username in interactive mode. It works correctly when the user interacts with this mode but it causes inconvenience for access without user interaction. Fallback cannot be taken into account because the EJB invocation gets stuck in interactive mode, which leads to RuntimeException: Operation failed with status WAITING. There should be some possibility to disable interactive mode for users who invoke EJB without Kerberos.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
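
Added example, not part of the original message and not WildFly code: a client application can supply the stanza shown above either by pointing the java.security.auth.login.config system property at a file containing it, or by installing it programmatically before the first EJB invocation, as sketched here. The class name NonInteractiveKrb5Config and the install() helper are hypothetical; the entry name and module options are the ones from the comment.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/** Hypothetical helper: JAAS configuration that never prompts for Kerberos credentials. */
public final class NonInteractiveKrb5Config extends Configuration {
    // Entry name the JDK's JGSS layer looks up when initiating a Kerberos context.
    private static final String JGSS_INITIATE = "com.sun.security.jgss.initiate";
    private final Configuration delegate; // previously installed configuration, may be null

    private NonInteractiveKrb5Config(Configuration delegate) {
        this.delegate = delegate;
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        if (JGSS_INITIATE.equals(name)) {
            Map<String, String> options = new HashMap<>();
            options.put("useTicketCache", "true"); // use an existing ticket if there is one
            options.put("doNotPrompt", "true");    // fail instead of asking for a username
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, options)
            };
        }
        // Every other application name keeps whatever was configured before.
        return delegate == null ? null : delegate.getAppConfigurationEntry(name);
    }

    /** Call once at client start-up, before any EJB invocation. */
    public static void install() {
        Configuration previous;
        try {
            previous = Configuration.getConfiguration();
        } catch (SecurityException e) {
            previous = null; // no usable login configuration was present
        }
        Configuration.setConfiguration(new NonInteractiveKrb5Config(previous));
    }

    public static void main(String[] args) {
        install();
        AppConfigurationEntry entry =
                Configuration.getConfiguration().getAppConfigurationEntry(JGSS_INITIATE)[0];
        System.out.println(entry.getLoginModuleName() + " " + entry.getOptions());
    }
}
```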