Currently - the JGSS API reads these configuration files as system properties.. So we would be able to setup a single KDC. We need to invest some time on this to find out a ways of doing this with out system properties..
Same issues exists there when a tenant - for example wants to talk to an external service secured with Mutual Authentication. Here we are setting a system property for the key store - and if the external service allows access to a tenant - that means it should let access to the stratos - in other words to the all the tenants.. Same applies - if some wants to secure a service with mutual auth.. I guess this is not possible currently per tenant.. I have look in to the mutual auth issue - and it is possible to get rid of the key store system property... we will work on these to get multitenant ready.. Thanks & regards, -Prabath On Fri, Feb 25, 2011 at 12:16 AM, Afkham Azeez <[email protected]> wrote: > So, my usual question, how does this work in a multitenant environment? How > are you going to provide tenant specific conf files? > > Azeez > > On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <[email protected]>wrote: > >> Hi All, >> As some of you may know, there is a Kerberos KDC server with latest IS >> build. In-order to complete the use case we added kerberos based >> security scenario to security-mgt component. Now there is a security >> scenario 16. See screen-shot for more details. Now users can easily >> secure services using Kerberos security policy by selecting scenario >> 16. >> But this change is not yet in trunk as kerberos related rampart >> changes are not yet in trunk (Currently i am doing changes in 3.0.1 >> support branch). But hopefully by next week we will be adding these >> changes to the trunk. >> >> Please review the attached screen shot and let me know, if any of the >> text needs to be changed. >> >> Also we need to add two more config files to support, scenario 16. >> They are krb5.conf (Contains parameters related to requesting ticket) >> and jaas.conf (Authorization properties). >> I am planning to add above mentioned files to esb's conf directory. >> Please let me know if you have any concerns. >> >> Also i have a sample which demonstrate the use of KDC in IS and usage >> of scenario 16, in esb. Since this sample is related to 2 products, i >> am not sure where should i place the sample. Will be great if you >> could give feedback on where to place sample program (In IS or ESB ?). >> >> Thanks >> AmilaJ >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > *Afkham Azeez* > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, > * > * > *Member; Apache Software Foundation; > **http://www.apache.org/*<http://www.apache.org/> > * > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Thanks & Regards, Prabath http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
