qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajith Attapattu (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Commented: (QPID-1645) Kerberos auth support for the java client
Date Mon, 09 Feb 2009 05:34:59 GMT

    [ https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671736#action_12671736

Rajith Attapattu commented on QPID-1645:

This is commited to trunk at rev 742267.
I have only added this to the 0-10 code path, and should be trivial to add this to the 0-8/9
code path.
However currently only the c++ broker supports kerberos.

How to
You could force the java client to use kerberos auth by specifying it in the connection URL
as follows.

You would then need to pass in the following jvm arguments
-Djavax.security.auth.useSubjectCredsOnly=false  (This will force the SASL GASSPI client to
obtain the kerberos credentials explicitly instead of obtaining from the "subject" that owns
the currents thread)
-Djava.security.auth.login.config=myjas.conf  (this specifies the jass config file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for troubleshooting)

Before running the java client you would need to do kinit and grab a kerberos ticket.
Alternative you could set useTicketCache=false and when the client loads, it will prompt you
for the user/pass and will obtain the ticket
(You would also need to setup your kerberos environment properly  -refer to doc links below).

======== Sample JASS Config file =============================

com.sun.security.jgss.initiate  {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;


Please refer to the following documentation for more details

> Kerberos auth support for the java client
> -----------------------------------------
>                 Key: QPID-1645
>                 URL: https://issues.apache.org/jira/browse/QPID-1645
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: M4
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: M5
> Currently the 0-8 java client only supports PLAIN and cram-MD5 as authentication mechanisms.
> The 0-10 java client only uses PLAIN.
> It would be good to add Keberos as an authentication mechanism to the java client.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

View raw message