qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajith Attapattu (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Commented: (QPID-1645) Kerberos auth support for the java client
Date Mon, 09 Feb 2009 05:34:59 GMT

    [ https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671736#action_12671736
] 

Rajith Attapattu commented on QPID-1645:
----------------------------------------

This is commited to trunk at rev 742267.
I have only added this to the 0-10 code path, and should be trivial to add this to the 0-8/9
code path.
However currently only the c++ broker supports kerberos.

How to
==========
You could force the java client to use kerberos auth by specifying it in the connection URL
as follows.
amqp://guest:guest@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'

You would then need to pass in the following jvm arguments
-Djavax.security.auth.useSubjectCredsOnly=false  (This will force the SASL GASSPI client to
obtain the kerberos credentials explicitly instead of obtaining from the "subject" that owns
the currents thread)
-Djava.security.auth.login.config=myjas.conf  (this specifies the jass config file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for troubleshooting)

Before running the java client you would need to do kinit and grab a kerberos ticket.
Alternative you could set useTicketCache=false and when the client loads, it will prompt you
for the user/pass and will obtain the ticket
(You would also need to setup your kerberos environment properly  -refer to doc links below).

======== Sample JASS Config file =============================

com.sun.security.jgss.initiate  {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};

=========================================================

Please refer to the following documentation for more details
http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/

> Kerberos auth support for the java client
> -----------------------------------------
>
>                 Key: QPID-1645
>                 URL: https://issues.apache.org/jira/browse/QPID-1645
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: M4
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: M5
>
>
> Currently the 0-8 java client only supports PLAIN and cram-MD5 as authentication mechanisms.
> The 0-10 java client only uses PLAIN.
> It would be good to add Keberos as an authentication mechanism to the java client.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message