geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Jain (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4865) Login module to enable Kerberos authentication
Date Fri, 11 Sep 2009 11:43:00 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754093#action_12754093
] 

Ashish Jain commented on GERONIMO-4865:
---------------------------------------

Just a history of what all has been done on this:

Initial trials suggested that there were some unreconganised options being added. The following
error was thrown in the very first try

javax.security.auth.login.LoginException: Bad JAAS configuration: unrecognized option: org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO
        at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:16)
        at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:412)
        at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:171)
        at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:374)
        at org.apache.geronimo.security.jaas.ClassOptionLoginModule.login(ClassOptionLoginModule.java:60)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:618)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
        at java.security.AccessController.doPrivileged(AccessController.java:246)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
        at org.apache.geronimo.security.ContextManager.login(ContextManager.java:76)
        at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:294)
        at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:260)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
        at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
        at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

Similarly errors were thrown for org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL
and org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER 
so as to overcome this these options were removed by using a custom login module

Attaching the initial version of the Kerberos Login module with the name KerberosLoginModule.java_initial

> Login module to enable  Kerberos authentication
> -----------------------------------------------
>
>                 Key: GERONIMO-4865
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4865
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.2
>
>         Attachments: KerberosLoginModule.java
>
>
> A new login module for using the kerberos authentication mechanism  in geronimo.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message