[jboss-jira] [JBoss JIRA] (WFLY-7341) Unable to configure Krb5LoginModule options in elytron kerberos implementation

Jan Kalina (JIRA) issues at jboss.org
Tue Oct 18 12:17:00 EDT 2016 

Jan Kalina created WFLY-7341:
--------------------------------

             Summary: Unable to configure Krb5LoginModule options in elytron kerberos implementation
                 Key: WFLY-7341
                 URL: https://issues.jboss.org/browse/WFLY-7341
             Project: WildFly
          Issue Type: Bug
          Components: Security
    Affects Versions: 11.0.0.Alpha1
            Reporter: Jan Kalina
            Assignee: Jan Kalina
            Priority: Blocker


Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module

{code:java}
            if (debug) {
                options.put("debug", "true");
            }
            options.put("principal", principal);

            final AppConfigurationEntry ace;
            if (IS_IBM) {
                options.put("noAddress", "true");
                options.put("credsType", isServer ? "acceptor" : "initiator");
                options.put("useKeytab", keyTab.toURI().toURL().toString());
                ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
            } else {
                options.put("storeKey", "true");
                options.put("useKeyTab", "true");
                options.put("keyTab", keyTab.getAbsolutePath());
                options.put("isInitiator", isServer ? "false" : "true");

                ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
            }
{code}
^ GSSCredentialSecurityFactory

* http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
* https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.api.doc/jgss/com/ibm/security/auth/module/Krb5LoginModule.html



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list