[
https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671736#action_12671736
]
Rajith Attapattu commented on QPID-1645:
----------------------------------------
This is committed to trunk at rev 742267.
I have only added this to the 0-10 code path, and it should be trivial to add this
to the 0-8/9 code path.
However currently only the c++ broker supports kerberos.
How to
==========
You could force the java client to use kerberos auth by specifying it in the
connection URL as follows.
amqp://guest:gu...@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'
You would then need to pass in the following jvm arguments
-Djavax.security.auth.useSubjectCredsOnly=false (This will force the SASL
GSSAPI client to obtain the kerberos credentials explicitly instead of
obtaining them from the "subject" that owns the current thread)
-Djava.security.auth.login.config=myjas.conf (this specifies the JAAS config
file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for
troubleshooting)
Before running the java client you would need to do kinit and grab a kerberos
ticket.
Alternatively, you could set useTicketCache=false and when the client loads, it
will prompt you for the user/pass and will obtain the ticket.
(You would also need to set up your kerberos environment properly - refer to doc
links below).
======== Sample JAAS Config file =============================
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
=========================================================
Please refer to the following documentation for more details
http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/
> Kerberos auth support for the java client
> -----------------------------------------
>
> Key: QPID-1645
> URL: https://issues.apache.org/jira/browse/QPID-1645
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: M4
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: M5
>
>
> Currently the 0-8 java client only supports PLAIN and cram-MD5 as
> authentication mechanisms.
> The 0-10 java client only uses PLAIN.
> It would be good to add Kerberos as an authentication mechanism to the java
> client.
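
A preflight check for the settings described in the comment, as an added example that is not part of the original message or of Qpid: it confirms the two JVM properties are set, that the JAAS file defines the com.sun.security.jgss.initiate entry, and that a ticket can be read from the cache. The class name KerberosPreflight and the helper require() are hypothetical; run it with the same -D arguments as the client.

```java
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example (not Qpid code): preflight for the JAAS/Kerberos settings above.
public class KerberosPreflight {
    // Entry name taken from the sample JAAS config in the comment.
    static final String ENTRY = "com.sun.security.jgss.initiate";

    public static void main(String[] args) throws LoginException {
        require(System.getProperty("java.security.auth.login.config") != null,
                "-Djava.security.auth.login.config is not set");
        require("false".equals(System.getProperty("javax.security.auth.useSubjectCredsOnly")),
                "-Djavax.security.auth.useSubjectCredsOnly=false is not set");

        AppConfigurationEntry[] entries = null;
        try {
            entries = Configuration.getConfiguration().getAppConfigurationEntry(ENTRY);
        } catch (SecurityException e) {
            require(false, "cannot load JAAS config: " + e.getMessage());
        }
        require(entries != null && entries.length > 0, "no JAAS entry named " + ENTRY);

        boolean ticketCache = false;
        for (AppConfigurationEntry e : entries) {
            System.out.println(e.getLoginModuleName() + " " + e.getOptions());
            ticketCache |= "true".equals(String.valueOf(e.getOptions().get("useTicketCache")));
        }
        if (!ticketCache) {
            System.out.println("useTicketCache is not true: the client will prompt for user/pass");
            return;
        }
        // No callback handler is supplied, so with the sample config this login
        // succeeds only if kinit has already put a ticket in the cache.
        LoginContext lc = new LoginContext(ENTRY);
        try {
            lc.login();
        } catch (LoginException e) {
            require(false, "no usable ticket in the cache (run kinit first): " + e.getMessage());
        }
        for (KerberosTicket t : lc.getSubject().getPrivateCredentials(KerberosTicket.class)) {
            System.out.println(t.getClient() + " -> " + t.getServer() + ", expires " + t.getEndTime());
        }
        lc.logout();
    }

    static void require(boolean ok, String message) {
        if (!ok) { System.err.println("preflight failed: " + message); System.exit(1); }
    }
}
```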