[teiid-issues] [JBoss JIRA] (TEIID-2863) Allow both gssapi and username/password authentication on the same transport
Ramesh Reddy (JIRA)
issues at jboss.org
Wed Mar 5 09:34:01 EST 2014
[ https://issues.jboss.org/browse/TEIID-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12950240#comment-12950240 ]
Ramesh Reddy commented on TEIID-2863:
-------------------------------------
I did not fully study SPENGO before, but seems like one may be enough.
The SPENGO module uses delegation model for defining GSS API. For GSS API the negotiation from client is little more involved than calling the login context and calling the login() on it. So, you have to know ahead to prepare the client. Looks like there is way to delegate to USERPASSWORD too in this. But if you configure USERPASSWORD there is way to skip the GSS. So, here it either one or the other.
In stacking model, it security-domains are tried to login sequentially one after other. So, client needs to understand this and adapt to it. So, here GSS is tried first then, if it fails/passes (depending upon the flag) goes to USERPASSWORD.
So the question is which one we want to support?
> Allow both gssapi and username/password authentication on the same transport
> ----------------------------------------------------------------------------
>
> Key: TEIID-2863
> URL: https://issues.jboss.org/browse/TEIID-2863
> Project: Teiid
> Issue Type: Enhancement
> Components: Server
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
>
> With GSSAPI support enabled, username/password support on the same transport is effectively disabled. JDBC/ODBC should ideally support both on the same transport.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list