[teiid-issues] [JBoss JIRA] (TEIID-4183) MSSQL JDBC driver invalidates kerberos ticket on Connection.close()

Ramesh Reddy (JIRA) issues at jboss.org
Wed Jun 22 14:22:00 EDT 2016 

    [ https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256008#comment-13256008 ] 

Ramesh Reddy commented on TEIID-4183:
-------------------------------------

[~jdurani] I tried setting up your environment, but the test kept deleting some files and then server get shutdown etc., it is much for me to learn mechanics of this to test this usecase. So, I set up a 6.3 ER4 server and copied all the necessary configuration and files and I see that wrapping is occurring as designed.

Now, if that wrapping process itself is bad then it will fail, I can understand that. Otherwise I am not seeing any variance. Since your MSSQL instance is down I can not verify this fully, I need the SQL Server running so that I can fully test this.  The tag for next build is on Friday, so I need this fixed by tomorrow, and test and provide a fix, otherwise it will slip from next build

> MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
> -------------------------------------------------------------------
>
>                 Key: TEIID-4183
>                 URL: https://issues.jboss.org/browse/TEIID-4183
>             Project: Teiid
>          Issue Type: Bug
>    Affects Versions: 8.12.x, 8.7.5.6_2
>            Reporter: Juraj Duráni
>            Assignee: Ramesh Reddy
>             Fix For: 9.0, 8.12.5
>
>
> MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla \[1\]).
> If user creates kerberos connection, driver invalidates ticket on closing connection (Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround for this by adding module option *wrapGSSCredential=true* with additional setting *credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
> However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because passed ticket is not managed by EAP but by client.
> \[1\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276
> \[2\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
> \[3\] https://issues.jboss.org/browse/SECURITY-905
> \[4\] https://issues.jboss.org/browse/JBEAP-843
> \[5\] https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79855d5ae2fbe6cb662e90baf7a5d4



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list