[teiid-issues] [JBoss JIRA] (TEIID-4183) MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
Ramesh Reddy (JIRA)
issues at jboss.org
Mon Jun 27 20:49:00 EDT 2016
[ https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Reddy resolved TEIID-4183.
---------------------------------
Fix Version/s: 9.1
(was: 9.0)
Resolution: Done
[~jdurani] Thanks. I had the previous one almost setup correctly but I forgot to copy a config file. I was able to finally duplicate the issue.
It came about, the way I was wrapping is correct, but it is alone is not sufficient. The subject I was using was not correct. Using the credential, one needs to create new subject using a security libraries, which will have a krb token for the delegated user. Then the credential matches with the user. I corrected it based on EAP implementation pattern, now it works as expected. See if you can build it locally and test (you can just copy the teiid-jboss-integration-8.12.5.jar) into the server.
> MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
> -------------------------------------------------------------------
>
> Key: TEIID-4183
> URL: https://issues.jboss.org/browse/TEIID-4183
> Project: Teiid
> Issue Type: Bug
> Affects Versions: 8.12.x, 8.7.5.6_2
> Reporter: Juraj Duráni
> Assignee: Ramesh Reddy
> Fix For: 9.1, 8.12.5
>
>
> MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla \[1\]).
> If user creates kerberos connection, driver invalidates ticket on closing connection (Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround for this by adding module option *wrapGSSCredential=true* with additional setting *credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
> However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because passed ticket is not managed by EAP but by client.
> \[1\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276
> \[2\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
> \[3\] https://issues.jboss.org/browse/SECURITY-905
> \[4\] https://issues.jboss.org/browse/JBEAP-843
> \[5\] https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79855d5ae2fbe6cb662e90baf7a5d4
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list