We are using failover transport for connecting to network of brokers and we are using kerberos for authentication and authorization.
During connection setup in connection factory create connection we generate a kerberos token and set is in the password field of the AMQ connection factory. Broker authenticates this token and authorizes the connecting service. But problem arises during failover when primary broker goes down. At this time failover transport kicks in and copies the connection data from ConnectionInfo class which has cached copy of kerberos token generated during initial connection and uses this data to connect to second broker. Now second broker is not able to authenticate using this token as it has already expired. I wanted to reach out to dev community to see if there is a way to regenerate password (token) during failover. I am sure we are not the only ones trying to stuff short-lived credentials into the JMS password field. Please let me know if you have any suggestions. -- View this message in context: http://activemq.2283324.n4.nabble.com/AMQ-5-8-Issue-with-re-generating-Kerberos-token-during-failover-tp4674700.html Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.
