[jboss-jira] [JBoss JIRA] (JBJCA-1348) Pool duplication when kerberos subject changes (certificate expires and is renewed)
Stephen Fikes (JIRA)
issues at jboss.org
Mon Apr 24 13:37:00 EDT 2017
Stephen Fikes created JBJCA-1348:
------------------------------------
Summary: Pool duplication when kerberos subject changes (certificate expires and is renewed)
Key: JBJCA-1348
URL: https://issues.jboss.org/browse/JBJCA-1348
Project: IronJacamar
Issue Type: Bug
Affects Versions: 1.0.37.Final
Reporter: Stephen Fikes
Attachments: testcase.zip
Using a Kerberos security domain (org.jboss.security.negotiation.KerberosLoginModule) in JBoss EAP 6. When the Kerberos certificate times out and is renewed, the subject used to find the pool no longer matches and a new pool is created for the same user (based on the new credentials). The multiplication of pools makes it possible to exceed the max-pool-size with a single user (ActiveCount, etc. can exceed max-pool-size).
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list