You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org> on 2009/02/09 06:34:59 UTC
[jira] Commented: (QPID-1645) Kerberos auth support for the java
client
[ https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671736#action_12671736 ]
Rajith Attapattu commented on QPID-1645:
----------------------------------------
This is commited to trunk at rev 742267.
I have only added this to the 0-10 code path, and should be trivial to add this to the 0-8/9 code path.
However currently only the c++ broker supports kerberos.
How to
==========
You could force the java client to use kerberos auth by specifying it in the connection URL as follows.
amqp://guest:guest@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'
You would then need to pass in the following jvm arguments
-Djavax.security.auth.useSubjectCredsOnly=false (This will force the SASL GASSPI client to obtain the kerberos credentials explicitly instead of obtaining from the "subject" that owns the currents thread)
-Djava.security.auth.login.config=myjas.conf (this specifies the jass config file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for troubleshooting)
Before running the java client you would need to do kinit and grab a kerberos ticket.
Alternative you could set useTicketCache=false and when the client loads, it will prompt you for the user/pass and will obtain the ticket
(You would also need to setup your kerberos environment properly -refer to doc links below).
======== Sample JASS Config file =============================
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
=========================================================
Please refer to the following documentation for more details
http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/
> Kerberos auth support for the java client
> -----------------------------------------
>
> Key: QPID-1645
> URL: https://issues.apache.org/jira/browse/QPID-1645
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: M4
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: M5
>
>
> Currently the 0-8 java client only supports PLAIN and cram-MD5 as authentication mechanisms.
> The 0-10 java client only uses PLAIN.
> It would be good to add Keberos as an authentication mechanism to the java client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org