[teiid-issues] [JBoss JIRA] (TEIID-1610) Support kerberos authentication forwarding for remote clients

Ramesh Reddy (Resolved) (JIRA) jira-events at lists.jboss.org
Tue Nov 29 09:56:41 EST 2011 

     [ https://issues.jboss.org/browse/TEIID-1610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Reddy resolved TEIID-1610.
---------------------------------

    Resolution: Done


JDBC was tested successfully about a couple weeks ago, there has not been any changes in the JDBC  layer since then. We have seen other issues like

2011-11-29 08:49:11,562 ERROR [org.teiid.SECURITY] (New I/O server worker #1-1) Kerberos context login failed
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:757)

but, believe these are due to either DES encryption is set to false on the Active directory, or some other configuration mismatch. In either case, this is external to the Teiid, so marking as resolved.

One issue still unresolved is, how JDBC client can use the cached credentials of the logged in user? I have not found any documents/information on this, so this can be further extension to the GSS API support, which needs to be tracked with separate JIRA.
                
> Support kerberos authentication forwarding for remote clients
> -------------------------------------------------------------
>
>                 Key: TEIID-1610
>                 URL: https://issues.jboss.org/browse/TEIID-1610
>             Project: Teiid
>          Issue Type: Enhancement
>          Components: JDBC Driver
>            Reporter: Steven Hawkins
>            Assignee: Ramesh Reddy
>             Fix For: 7.6
>
>
> Teiid clients in addition to supporting the standard encrypted login, should be able to forward an existing ticket.  The server would be expected to have a security domain configured appropriately.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list