[ https://issues.apache.org/jira/browse/AMQ-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14237003#comment-14237003 ]

Piotr Klimczak commented on AMQ-4693:
-------------------------------------

For those who would like to participate in testing: 
https://github.com/PiotrKlimczak/activemq/tree/trunk-kerberos
Commit 
https://github.com/PiotrKlimczak/activemq/commit/779d36069792f9f196c09c5289e52a7034b92be0

The implementation is based on RFC 2712.

Work still in progress.

For now it is using keytabs everywhere.
There is no way to authenticate users with username/password unless the user
authenticates himself before initializing AMQConnectionFactory and executes the
connection code with Subject.doAs. In that case it is up to the user how to
authenticate the client. Otherwise it expects a Kerberos login module
configuration name with all required variables set (including pointing to a
keytab).

Tested with the unit test suite: Krb5TransportBrokerTest.
For now the unit tests have to be pointed to a login modules configuration;
this has to be reimplemented (need ApacheDS to start).

*Requirements to start testing*
*1. login modules configuration*
{code}
Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    useTicketCache=false
    keyTab="file:/home/pklimczak/pklimczak.keytab"
    principal="pklimczak";
};

Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    useTicketCache=false
    keyTab="file:/home/pklimczak/host.keytab"
    principal="host/pklimczak.com";
};
{code}

*2. Login config*
{code}
-Djava.security.auth.login.config=myLoginModules.config
{code}

*3. /etc/krb5.conf has to point to your REALM.*


> Add kerberos [SASL] authentication for TCP connectors
> -----------------------------------------------------
>
>                 Key: AMQ-4693
>                 URL: https://issues.apache.org/jira/browse/AMQ-4693
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: linux, solaris
>            Reporter: Bhanu
>            Priority: Minor
>             Fix For: Unscheduled
>
>
> Hi,
> Can kerberos based authentication be added to ActiveMQ's TCP connectors.
> Thanks,
> Bhanu



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
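
The comment above says username/password authentication only works if the client logs in itself and then runs its connection code under Subject.doAs. The following is an added example of that pattern using standard JAAS classes; it is not code from the linked branch, and the class name `PasswordKerberosLogin`, the helper `connectAs` and the `factory` variable in the usage comment are hypothetical.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class PasswordKerberosLogin {

    /** Obtains a TGT with a password (no keytab) and returns the authenticated Subject. */
    static Subject login(String principal, char[] password) throws Exception {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "false");       // the password replaces the keytab
        opts.put("useTicketCache", "false");  // force a fresh login against the KDC
        opts.put("principal", principal);
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        // Programmatic equivalent of a "Client { ... };" entry in the login config file.
        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("Client", null, handler, conf);
        lc.login();  // throws LoginException on a wrong password or unreachable KDC
        return lc.getSubject();
    }

    /** Runs the caller's connection code with the Subject's Kerberos credentials.
     *  Usage (factory is the caller's already configured connection factory):
     *  Connection c = connectAs(login("pklimczak", pw), () -> factory.createConnection()); */
    static <T> T connectAs(Subject subject, PrivilegedExceptionAction<T> connectionCode) throws Exception {
        return Subject.doAs(subject, connectionCode);
    }
}
```

The caller should overwrite the `password` array after `login` returns, and `/etc/krb5.conf` still has to point to the realm as in requirement 3.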
