Posted to dev@qpid.apache.org by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org> on 2009/02/09 06:34:59 UTC

[jira] Commented: (QPID-1645) Kerberos auth support for the java client

    [ https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671736#action_12671736 ] 

Rajith Attapattu commented on QPID-1645:
----------------------------------------

This is committed to trunk at rev 742267.
I have only added this to the 0-10 code path, and it should be trivial to add this to the 0-8/9 code path.
However, currently only the C++ broker supports Kerberos.

How to
==========
You could force the Java client to use Kerberos auth by specifying it in the connection URL as follows.
amqp://guest:guest@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'

You would then need to pass in the following JVM arguments
-Djavax.security.auth.useSubjectCredsOnly=false  (This will force the SASL GSSAPI client to obtain the Kerberos credentials explicitly instead of obtaining them from the "subject" that owns the current thread)
-Djava.security.auth.login.config=myjas.conf  (this specifies the JAAS config file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for troubleshooting)

Before running the Java client you would need to do kinit and grab a Kerberos ticket.
Alternatively, you could set useTicketCache=false and when the client loads, it will prompt you for the user/pass and will obtain the ticket
(You would also need to set up your Kerberos environment properly - refer to doc links below).

======== Sample JAAS Config file =============================

com.sun.security.jgss.initiate  {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};

=========================================================

Please refer to the following documentation for more details
http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/

> Kerberos auth support for the java client
> -----------------------------------------
>
>                 Key: QPID-1645
>                 URL: https://issues.apache.org/jira/browse/QPID-1645
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: M4
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: M5
>
>
> Currently the 0-8 Java client only supports PLAIN and CRAM-MD5 as authentication mechanisms.
> The 0-10 Java client only uses PLAIN.
> It would be good to add Kerberos as an authentication mechanism to the Java client.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
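
A preflight check for the settings described in the comment above, as an added example that is not part of the original message or of the Qpid code base. The class name KerberosPreflight is hypothetical; it assumes you start it with the same -D JVM arguments as the client and optionally pass your connection URL as the first argument.

```java
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added example (hypothetical class name): run with the same -D flags as the client.
public class KerberosPreflight {
    // JAAS entry name taken from the sample config in the comment.
    static final String ENTRY = "com.sun.security.jgss.initiate";
    static int problems = 0;

    static void check(boolean ok, String msg) {
        System.out.println((ok ? "ok:   " : "FAIL: ") + msg);
        if (!ok) problems++;
    }

    public static void main(String[] args) {
        // Default is the connection URL quoted in the comment; pass your own as args[0].
        String url = args.length > 0 ? args[0]
            : "amqp://guest:guest@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'";
        check(url.contains("sasl_mechs='GSSAPI'"), "connection URL requests sasl_mechs='GSSAPI'");
        check("false".equals(System.getProperty("javax.security.auth.useSubjectCredsOnly")),
              "-Djavax.security.auth.useSubjectCredsOnly=false is set");
        check(System.getProperty("java.security.auth.login.config") != null,
              "-Djava.security.auth.login.config points at a JAAS file");
        if (Boolean.getBoolean("sun.security.krb5.debug"))
            System.out.println("note: sun.security.krb5.debug=true, expect verbose Kerberos output");

        AppConfigurationEntry[] entries = null;
        try {
            entries = Configuration.getConfiguration().getAppConfigurationEntry(ENTRY);
        } catch (SecurityException e) {
            // Thrown when no usable login configuration can be loaded.
            System.out.println("FAIL: cannot load JAAS configuration: " + e.getMessage());
            problems++;
        }
        check(entries != null && entries.length > 0, "JAAS entry '" + ENTRY + "' is defined");
        if (entries != null) {
            for (AppConfigurationEntry e : entries) {
                Map<String, ?> opts = e.getOptions();
                boolean cache = "true".equals(String.valueOf(opts.get("useTicketCache")));
                System.out.println("      " + e.getLoginModuleName() + " useTicketCache=" + cache
                    + (cache ? " (run kinit before starting the client)"
                             : " (client will prompt for user/pass)"));
            }
        }
        System.exit(problems == 0 ? 0 : 1);
    }
}
```

The process exits non-zero when any check fails, so it can gate a launch script before the client attempts the GSSAPI handshake.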