[teiid-issues] [JBoss JIRA] (TEIID-4183) MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
Van Halbert (JIRA)
issues at jboss.org
Wed Jun 15 10:59:00 EDT 2016
[ https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13252978#comment-13252978 ]
Van Halbert commented on TEIID-4183:
------------------------------------
dditional option "wrapGSSCredential=true" for login module org.teiid.jboss.PassthroughIdentityLoginModule is supposed to be a workaround. But Teiid/MSSQL driver throws exception [1] with that option.
[1]
org.teiid.jdbc.TeiidSQLException: TEIID30498 Remote org.teiid.api.exception.query.QueryPlannerException: TEIID30498 Capabilities for BQT were not available. The command could not be planned properly.
at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
at org.teiid.jdbc.StatementImpl.postReceiveResults(StatementImpl.java:706)
at org.teiid.jdbc.StatementImpl.access$100(StatementImpl.java:64)
at org.teiid.jdbc.StatementImpl$2.onCompletion(StatementImpl.java:545)
at org.teiid.client.util.ResultsFuture.done(ResultsFuture.java:135)
at org.teiid.client.util.ResultsFuture.access$200(ResultsFuture.java:40)
at
> MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
> -------------------------------------------------------------------
>
> Key: TEIID-4183
> URL: https://issues.jboss.org/browse/TEIID-4183
> Project: Teiid
> Issue Type: Bug
> Affects Versions: 8.12.x, 8.7.5.6_2
> Reporter: Juraj Duráni
> Assignee: Ramesh Reddy
> Fix For: 9.0, 8.12.5
>
>
> MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla \[1\]).
> If user creates kerberos connection, driver invalidates ticket on closing connection (Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround for this by adding module option *wrapGSSCredential=true* with additional setting *credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
> However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because passed ticket is not managed by EAP but by client.
> \[1\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276
> \[2\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
> \[3\] https://issues.jboss.org/browse/SECURITY-905
> \[4\] https://issues.jboss.org/browse/JBEAP-843
> \[5\] https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79855d5ae2fbe6cb662e90baf7a5d4
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list