activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harman <>
Subject AMQ 5.8 | Issue with re-generating Kerberos token during failover
Date Wed, 20 Nov 2013 14:49:07 GMT
We are using failover transport for connecting to network of brokers and we
are using kerberos for authentication and authorization.

During connection setup in connection factory create connection we generate
a kerberos token and set is in the password field of the AMQ connection
factory. Broker authenticates this token and authorizes the connecting

But problem arises during failover when primary broker goes down. At this
time failover transport kicks in and copies the connection data from
ConnectionInfo class which has cached copy of kerberos token generated
during initial connection and uses this data to connect to second broker.
Now second broker is not able to authenticate using this token as it has
already expired. 

I wanted to reach out to dev community to see if there is a way to
regenerate password (token) during failover. I am sure we are not the only
ones trying to stuff short-lived credentials into the JMS password field.

Please let me know if you have any suggestions.

View this message in context:
Sent from the ActiveMQ - Dev mailing list archive at

View raw message