[jboss-jira] [JBoss JIRA] (WFLY-5557) Kerberos authentication for remoting on hostname which contains uppercase letter
Lin Gao (JIRA)
issues at jboss.org
Fri Oct 30 03:36:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lin Gao reassigned WFLY-5557:
-----------------------------
Assignee: Lin Gao
> Kerberos authentication for remoting on hostname which contains uppercase letter
> --------------------------------------------------------------------------------
>
> Key: WFLY-5557
> URL: https://issues.jboss.org/browse/WFLY-5557
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management, Remoting, Security
> Affects Versions: 10.0.0.CR3
> Reporter: Martin Choma
> Assignee: Lin Gao
> Priority: Critical
>
> When EAP runs on server, which contains upper case in hostname (e.g. localhost.Localdomain), it is unpossible to make kerberos authentication in remoting to work properly.
> JDK constructs TGT-REQ with lower case hostname. But remoting client create connection to EAP with upper case letters, what cause problems.
> RFC4120 "The Kerberos Network Authentication Service" [1] in chapter "6.2.1. Name of Server Principals" requires ??Where the name of the host is not case sensitive (for example, with Internet domain names) the name of the host MUST be lowercase.??
> Based on information from RFC, IMHO, EAP should handle such scenario. Either remoting client should send lowercase hostname or security realm should map principal case insensitively and look for lower-case keytab record, e.g. remote/localhost.localdomain.
> [1] https://www.ietf.org/rfc/rfc4120.txt
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list