Posted to dev@tomcat.apache.org by bu...@apache.org on 2019/08/02 11:37:29 UTC

[Bug 63627] New: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

https://bz.apache.org/bugzilla/show_bug.cgi?id=63627

            Bug ID: 63627
           Summary: Implement more fine-grained handling in
                    RealmBase#authenticate(GSSContext, boolean)
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: michaelo@apache.org
  Target Milestone: ----

We maintain a custom RealmBase#authenticate(GSSContext, boolean) implementation
because the given one has a few shortcomings. I'd like to address this in a PR:

* Move stripping right before #getPrincipal() to log a fully qualified GSS name
* Issue a warning instead of a debug if #getDelegCred() has failed.
Justification: the context indicates that there is a credential and the
developer has configured to store them, but this failed. A debug will be
unnoticed in a production system. The admin should see this and take action.
* If storeCreds is requested, but the credentials aren't, log this in debug for
traceability.

Custom impl:
http://tomcatspnegoad.sourceforge.net/xref/net/sf/michaelo/tomcat/realm/ActiveDirectoryRealm.html#L229

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
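
The three changes listed in the report above, shown as an added sketch; this is not Tomcat's RealmBase code and not the reporter's ActiveDirectoryRealm. It uses the standard org.ietf.jgss API and java.util.logging; the class GssAuthSketch, the Result holder and the log messages are hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;

/** Added sketch, not Tomcat's code: the logging order proposed in the report. */
public class GssAuthSketch {
    private static final Logger log = Logger.getLogger(GssAuthSketch.class.getName());

    /** Hypothetical holder standing in for the Principal a realm would return. */
    public static final class Result {
        public final String user;
        public final GSSCredential delegated;
        Result(String user, GSSCredential delegated) { this.user = user; this.delegated = delegated; }
    }

    public Result authenticate(GSSContext ctx, boolean storeCreds) {
        if (!ctx.isEstablished()) {
            return null; // nothing to authenticate yet
        }
        GSSName gssName;
        try {
            gssName = ctx.getSrcName();
        } catch (GSSException e) {
            log.log(Level.WARNING, "Failed to read the initiator name", e);
            return null;
        }
        GSSCredential delegated = null;
        if (storeCreds) {
            if (ctx.getCredDelegState()) {
                try {
                    delegated = ctx.getDelegCred();
                } catch (GSSException e) {
                    // WARNING, not debug: delegation was signalled and storing was configured
                    log.log(Level.WARNING, "Delegated credential unavailable for " + gssName, e);
                }
            } else if (log.isLoggable(Level.FINE)) {
                // Debug-level trace: storing was requested but nothing was delegated
                log.fine("storeCreds is set but no credential was delegated for " + gssName);
            }
        }
        // Strip the realm only now, so the log lines above carry the fully qualified name
        String fq = gssName.toString();
        int at = fq.indexOf('@');
        return new Result(at > 0 ? fq.substring(0, at) : fq, delegated);
    }
}
```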


[Bug 63627] Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63627

Michael Osipov <mi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Michael Osipov <mi...@apache.org> ---
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.97 onwards
