manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1103) Add Kerberos support for all connectors that currently use NTLM
Date Sun, 16 Nov 2014 21:57:33 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14214098#comment-14214098
] 

Karl Wright commented on CONNECTORS-1103:
-----------------------------------------

After some consideration, I think it is better to wait for Kerberos direct support to be added
to HttpClient than to try and use the workaround.  The list of places this is needed is pretty
large:

{code}
C:\wip\mcf\trunk\connectors\jira\connector\src\main\java\org\apache\manifoldcf\authorities\authorities\jira\JiraSession.java:59:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\jira\connector\src\main\java\org\apache\manifoldcf\authorities\authorities\jira\JiraSession.java:163:
         new NTCredentials(proxyUsername, proxyPassword, currentHost, proxyDomain));
C:\wip\mcf\trunk\connectors\jira\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\jira\JiraSession.java:57:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\jira\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\jira\JiraSession.java:161:
         new NTCredentials(proxyUsername, proxyPassword, currentHost, proxyDomain));
C:\wip\mcf\trunk\connectors\livelink\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\livelink\LivelinkConnector.java:59:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\livelink\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\livelink\LivelinkConnector.java:520:
         new NTCredentials(ingestNtlmUsername,ingestNtlmPassword,currentHost,ingestNtlmDomain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:88:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:289:
       new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:292:
       new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:304:
         new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:320:
         new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:373:
         new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\meridio\connector\src\main\java\org\apache\manifoldcf\meridio\MeridioWrapper.java:385:
           new NTCredentials(domainUser, password, currentHost, domain));
C:\wip\mcf\trunk\connectors\rss\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\rss\ThrottledFetcher.java:47:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\rss\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\rss\ThrottledFetcher.java:284:
           new NTCredentials(proxyAuthUsername, proxyAuthPassword, currentHost, proxyAuthDomain));
C:\wip\mcf\trunk\connectors\sharepoint\connector\src\main\java\org\apache\manifoldcf\authorities\authorities\sharepoint\SharePointAuthority.java:52:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\sharepoint\connector\src\main\java\org\apache\manifoldcf\authorities\authorities\sharepoint\SharePointAuthority.java:729:
         new NTCredentials(strippedUserName, password, currentHost, ntlmDomain));
C:\wip\mcf\trunk\connectors\sharepoint\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\sharepoint\SharePointRepository.java:62:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\sharepoint\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\sharepoint\SharePointRepository.java:253:
         new NTCredentials(strippedUserName, password, currentHost, ntlmDomain));
C:\wip\mcf\trunk\connectors\webcrawler\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\webcrawler\CredentialsDescription.java:27:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\webcrawler\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\webcrawler\CredentialsDescription.java:719:
     return new NTCredentials(userName,password,targetHostName,domain);
C:\wip\mcf\trunk\connectors\webcrawler\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\webcrawler\ThrottledFetcher.java:55:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\webcrawler\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\webcrawler\ThrottledFetcher.java:495:
           new NTCredentials(proxyAuthUsername, (proxyAuthPassword==null)?"":proxyAuthPassword,
currentHost, (proxyAuthDomain==null)?"":proxyAuthDomain));
C:\wip\mcf\trunk\connectors\wiki\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\wiki\WikiConnector.java:41:import
org.apache.http.auth.NTCredentials;
C:\wip\mcf\trunk\connectors\wiki\connector\src\main\java\org\apache\manifoldcf\crawler\connectors\wiki\WikiConnector.java:282:
           new NTCredentials(proxyUsername, proxyPassword, currentHost, proxyDomain));
{code}


> Add Kerberos support for all connectors that currently use NTLM
> ---------------------------------------------------------------
>
>                 Key: CONNECTORS-1103
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1103
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: FileNet connector, LiveLink connector, RSS connector, SharePoint
connector, Web connector
>    Affects Versions: ManifoldCF 1.7.2
>            Reporter: Karl Wright
>            Assignee: Karl Wright
>             Fix For: ManifoldCF next
>
>
> You can solve your local ticket store by using LoginContext and appropriate keytabs.
Obtain the GSSCredential and go. Every connection instance can act independently. Regardless
of the OS.
> If you cache the subject issued by the aforementioned LoginContext, you can always say:
GssCredential#getRemainingLifetime or invoke a fresh LoginContext as you think fit.
> Unfortunately, HTTPClient does not support direct use of GSSCredential and always assumes
implicit credential. Fortunately, there are several ways to solve that problem too.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message