[jira] [Commented] (AMQ-4693) Add kerberos authentcation for TCP connectors

Thu, 29 Aug 2013 08:32:30 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13753727#comment-13753727
 ] 

Deepak commented on AMQ-4693:
-----------------------------

Hi,

As per my understanding, in order to add Kerberos authentication for ActiveMQ 
client and broker to mutually authenticate themselves to each other (using 
Kerberos or GSS API), we need to have a common channel using which client and 
broker could arbitrarily exchange some messages (tokens) before the GSS 
Security Context is established. Only after two way exchange of messages 
(tokens) over a common channel, the client and broker can authenticate 
themselves to each other. However, in order to exchange such messages 
initially, we would need common channel for client/broker to communicate. 

With the current plugin/interceptor support provided in ActiveMQ, there is no 
way for client and server to mutually exchange some messages before they are 
considered authenticated to each other. I only see one way passing of user name 
and password from client to broker which isn't sufficient to establish GSS 
security context and mutual authentication. It looks like there has to be some 
additional mechanism for doing this two way authentication (and exchange of 
tokens) before any other other communication can take place.

So, it does not look like we can add kerberos based authentication to activemq 
with the current plugin support. Could ActiveMQ developers please confirm my 
understanding here?

Thanks,
Deepak
                
> Add kerberos authentcation for TCP connectors
> ---------------------------------------------
>
>                 Key: AMQ-4693
>                 URL: https://issues.apache.org/jira/browse/AMQ-4693
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: linux, solaris
>            Reporter: Bhanu
>            Priority: Minor
>
> Hi,
> Can kerberos based authentication be added to ActiveMQ's TCP connectors.
> Thanks,
> Bhanu

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to