[teiid-issues] [JBoss JIRA] (TEIID-4183) MSSQL JDBC driver invalidates kerberos ticket on Connection.close()

Ramesh Reddy (JIRA) issues at jboss.org
Wed Jun 29 09:50:00 EDT 2016 

    [ https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258596#comment-13258596 ] 

Ramesh Reddy commented on TEIID-4183:
-------------------------------------

on (1) They must be using "connectionPoolBySubject", they did that in EAP 5, but since then I thought they moved past that. Either case caching is preferred. Is there a way to invalidate the cache?

(3) with code change I think this exception is gone now.

(5) yes, you can use single passthrough for any kind, unless user at top level used kerberos then kerberos specific code kicks in.

- Another good test case may be, using two users and limit the pool to two connections and interleave them and make sure we are not accidentally using subject one from the other

> MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
> -------------------------------------------------------------------
>
>                 Key: TEIID-4183
>                 URL: https://issues.jboss.org/browse/TEIID-4183
>             Project: Teiid
>          Issue Type: Bug
>    Affects Versions: 8.12.x, 8.7.5.6_2
>            Reporter: Juraj Duráni
>            Assignee: Ramesh Reddy
>             Fix For: 9.1, 8.12.5
>
>
> MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla \[1\]).
> If user creates kerberos connection, driver invalidates ticket on closing connection (Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround for this by adding module option *wrapGSSCredential=true* with additional setting *credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
> However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because passed ticket is not managed by EAP but by client.
> \[1\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276
> \[2\] https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
> \[3\] https://issues.jboss.org/browse/SECURITY-905
> \[4\] https://issues.jboss.org/browse/JBEAP-843
> \[5\] https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79855d5ae2fbe6cb662e90baf7a5d4



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list