[jboss-jira] [JBoss JIRA] (ELY-674) Unable to configure Krb5LoginModule options in elytron kerberos implementation

Jan Kalina (JIRA) issues at jboss.org
Wed Nov 30 08:25:07 EST 2016 

     [ https://issues.jboss.org/browse/ELY-674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina closed ELY-674.
--------------------------
    Resolution: Rejected


> Unable to configure Krb5LoginModule options in elytron kerberos implementation
> ------------------------------------------------------------------------------
>
>                 Key: ELY-674
>                 URL: https://issues.jboss.org/browse/ELY-674
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Mechanisms
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module
> {code:java}
>             if (debug) {
>                 options.put("debug", "true");
>             }
>             options.put("principal", principal);
>             final AppConfigurationEntry ace;
>             if (IS_IBM) {
>                 options.put("noAddress", "true");
>                 options.put("credsType", isServer ? "acceptor" : "initiator");
>                 options.put("useKeytab", keyTab.toURI().toURL().toString());
>                 ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
>             } else {
>                 options.put("storeKey", "true");
>                 options.put("useKeyTab", "true");
>                 options.put("keyTab", keyTab.getAbsolutePath());
>                 options.put("isInitiator", isServer ? "false" : "true");
>                 ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
>             }
> {code}
> ^ GSSCredentialSecurityFactory
> * http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
> * https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.api.doc/jgss/com/ibm/security/auth/module/Krb5LoginModule.html



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list