Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2518

Unable to configure Krb5LoginModule options in elytron kerberos implementation

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 3.0.0.Beta7
    • Fix Version/s: 3.0.0.Beta8
    • Component/s: Security
    • Labels:
      None

      Description

      Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them. Because there are various use-cases out there needing to tweak kerberos configuration somehow. Legacy KerberosLoginModule exposed these options https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/login-module-reference/#kerberos_login_module

                  if (debug) {
                      options.put("debug", "true");
                  }
                  options.put("principal", principal);
      
                  final AppConfigurationEntry ace;
                  if (IS_IBM) {
                      options.put("noAddress", "true");
                      options.put("credsType", isServer ? "acceptor" : "initiator");
                      options.put("useKeytab", keyTab.toURI().toURL().toString());
                      ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
                  } else {
                      options.put("storeKey", "true");
                      options.put("useKeyTab", "true");
                      options.put("keyTab", keyTab.getAbsolutePath());
                      options.put("isInitiator", isServer ? "false" : "true");
      
                      ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
                  }
      

      ^ GSSCredentialSecurityFactory

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: