[jboss-jira] [JBoss JIRA] (WFLY-7340) Unable to configure Krb5LoginModule options in elytron kerberos implementation
Jan Kalina (JIRA)
issues at jboss.org
Tue Oct 18 11:02:01 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina updated WFLY-7340:
-----------------------------
Description:
Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module
{code:java}
if (debug) {
    options.put("debug", "true");
}
options.put("principal", principal);
final AppConfigurationEntry ace;
if (IS_IBM) {
    options.put("noAddress", "true");
    options.put("credsType", isServer ? "acceptor" : "initiator");
    options.put("useKeytab", keyTab.toURI().toURL().toString());
    ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
} else {
    options.put("storeKey", "true");
    options.put("useKeyTab", "true");
    options.put("keyTab", keyTab.getAbsolutePath());
    options.put("isInitiator", isServer ? "false" : "true");
    ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
}
{code}
^ GSSCredentialSecurityFactory
* http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
* https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.api.doc/jgss/com/ibm/security/auth/module/Krb5LoginModule.html
was:
Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module
{code:java}
if (debug) {
    options.put("debug", "true");
}
options.put("principal", principal);
final AppConfigurationEntry ace;
if (IS_IBM) {
    options.put("noAddress", "true");
    options.put("credsType", isServer ? "acceptor" : "initiator");
    options.put("useKeytab", keyTab.toURI().toURL().toString());
    ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
} else {
    options.put("storeKey", "true");
    options.put("useKeyTab", "true");
    options.put("keyTab", keyTab.getAbsolutePath());
    options.put("isInitiator", isServer ? "false" : "true");
    ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
}
{code}
* http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
* https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.api.doc/jgss/com/ibm/security/auth/module/Krb5LoginModule.html
> Unable to configure Krb5LoginModule options in elytron kerberos implementation
> ------------------------------------------------------------------------------
>
> Key: WFLY-7340
> URL: https://issues.jboss.org/browse/WFLY-7340
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module
> {code:java}
> if (debug) {
>     options.put("debug", "true");
> }
> options.put("principal", principal);
> final AppConfigurationEntry ace;
> if (IS_IBM) {
>     options.put("noAddress", "true");
>     options.put("credsType", isServer ? "acceptor" : "initiator");
>     options.put("useKeytab", keyTab.toURI().toURL().toString());
>     ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
> } else {
>     options.put("storeKey", "true");
>     options.put("useKeyTab", "true");
>     options.put("keyTab", keyTab.getAbsolutePath());
>     options.put("isInitiator", isServer ? "false" : "true");
>     ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
> }
> {code}
> ^ GSSCredentialSecurityFactory
> * http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
> * https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.api.doc/jgss/com/ibm/security/auth/module/Krb5LoginModule.html
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
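
One way the configurability requested in this issue could look, as an added example that is not WildFly Elytron code and not the fix applied for WFLY-7340: caller-supplied Krb5LoginModule options are passed through, while the options the quoted snippet sets itself stay under the factory's control. It covers only the non-IBM branch; the class name, the `build` method, the `extraOptions` parameter, the protected-option policy and the sample principal and keytab path are assumptions.

```java
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

// Hypothetical helper for illustration; requires Java 9+ for Set.of/Map.of.
public final class Krb5OptionsExample {
    private static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    // Assumed policy: these decide which key is loaded and in which role, so a
    // pass-through option must not be able to override them silently.
    private static final Set<String> PROTECTED =
            Set.of("principal", "keyTab", "useKeyTab", "storeKey", "isInitiator");

    static AppConfigurationEntry build(String principal, File keyTab, boolean isServer,
                                       boolean debug, Map<String, String> extraOptions) {
        Map<String, Object> options = new HashMap<>();
        // Pass-through options first (for example refreshKrb5Config or renewTGT).
        for (Map.Entry<String, String> e : extraOptions.entrySet()) {
            if (PROTECTED.contains(e.getKey())) {
                throw new IllegalArgumentException("Option is managed by the factory: " + e.getKey());
            }
            options.put(e.getKey(), e.getValue());
        }
        // Then the same fixed options as the non-IBM branch in the quoted snippet.
        if (debug) options.put("debug", "true");
        options.put("principal", principal);
        options.put("storeKey", "true");
        options.put("useKeyTab", "true");
        options.put("keyTab", keyTab.getAbsolutePath());
        options.put("isInitiator", isServer ? "false" : "true");
        return new AppConfigurationEntry(KRB5_LOGIN_MODULE, LoginModuleControlFlag.REQUIRED, options);
    }

    public static void main(String[] args) {
        // Constructed sample values; no keytab is read until a LoginContext uses the entry.
        Map<String, String> extra = Map.of("refreshKrb5Config", "true");
        AppConfigurationEntry ace = build("HTTP/host.example.com@EXAMPLE.COM",
                new File("/etc/example/http.keytab"), true, false, extra);
        System.out.println(ace.getOptions());
    }
}
```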