[GitHub] activemq-artemis pull request #1379: https://issues.apache.org/jira/browse/A...

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis pull request #1379: https://issues.apache.org/jira/browse/A...

asfgit
GitHub user gtully opened a pull request:

    https://github.com/apache/activemq-artemis/pull/1379

    https://issues.apache.org/jira/browse/ARTEMIS-1264

    first cut poc for the core client with netty connector and acceptor doing kerberos
    jaas.doAs around sslengine init such that the SSL handshake can do kerberos ticket
    generaton and validation.
    The kerberos authenticate user is then validated with the security manager before
    being populated into the message userId.
    The feature is enabled with the kerb5Config property. When lowercase it is the
    principal. With a leading uppercase char it is the login.config entry to use.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gtully/activemq-artemis ARTEMIS-1264

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/1379.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1379
   
----
commit c17227e77d5557bba71daa791aab63937e256891
Author: gtully <[hidden email]>
Date:   2017-06-30T12:56:24Z

    https://issues.apache.org/jira/browse/ARTEMIS-1264
   
    first cut poc for the core client with netty connector and acceptor doing kerberos
    jaas.doAs around sslengine init such that the SSL handshake can do kerberos ticket
    generaton and validation.
    The kerberos authenticate user is then validated with the security manager before
    being populated into the message userId.
    The feature is enabled with the kerb5Config property. When lowercase it is the
    principal. With a leading uppercase char it is the login.config entry to use.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    There is a bump of the apache directory-version due to clashes between minikdc and the existing test usage of 1.5.7


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    The mods to org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection#getDefaultActiveMQPrincipal may need a revisit - may go against the intent of the existing comment: //never allow this


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    also of note is the addition of the SNI support - the SNIHost is used to for the kerberos ticket grant which avoids the need to tie server principal to dns (the default name is host/<hostName>) but with a SNIHost of foo.bar it is host/foo.bar


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    Tidied up the commit message


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user clebertsuconic commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    I would rename the first line as ARTEMIS-1264 Adding Kerberos to Core
   
    the second line can include the JIRA...
   
   
   
    It's just that git log won't be very helpful with just the JIRA on the first line... some context to the first line would be great


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user mtaylor commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    @gtully This looks like a great first step Gary. Merging. We add the additional improvements mentioned in the JIRA iteratively.  Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user clebertsuconic commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    @mtaylor I would run the whole testsuite first...
    I can't have master on an intermediate state now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis issue #1379: https://issues.apache.org/jira/browse/ARTEMIS-...

asfgit
In reply to this post by asfgit
Github user mtaylor commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1379
 
    @clebertsuconic  +1.  Running.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] activemq-artemis pull request #1379: https://issues.apache.org/jira/browse/A...

asfgit
In reply to this post by asfgit
Github user asfgit closed the pull request at:

    https://github.com/apache/activemq-artemis/pull/1379


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---