Back to bug 1331742
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Van Halbert | 2016-05-10 22:00:49 UTC | Status | NEW | MODIFIED |
| Target Release | --- | 6.3.0 | ||
| CC | vhalbert | |||
| Target Milestone | --- | ER4 | ||
| Van Halbert | 2016-06-03 21:19:43 UTC | Status | MODIFIED | ON_QA |
| Juraj Duráni | 2016-06-15 12:53:10 UTC | Status | ON_QA | ASSIGNED |
| Van Halbert | 2016-06-20 13:06:01 UTC | Target Milestone | ER4 | --- |
| Debi Rieden | 2016-06-20 15:43:03 UTC | CC | drieden | |
| Van Halbert | 2016-06-28 12:17:21 UTC | Status | ASSIGNED | MODIFIED |
| Target Milestone | --- | ER6 | ||
| Debi Rieden | 2016-07-11 13:18:55 UTC | Target Milestone | ER6 | CR1 |
| Van Halbert | 2016-07-26 17:10:16 UTC | Status | MODIFIED | ON_QA |
| Juraj Duráni | 2016-08-01 11:41:02 UTC | Status | ON_QA | ASSIGNED |
| David Le Sage | 2016-08-09 03:06:46 UTC | CC | dlesage | |
| Doc Text | The MSSQL JDBC driver invalidates an active kerberos ticket on Connection.close(). As a result, if the user creates kerberos connection, the driver invalidates the ticket when the connection is closed and, therefore, the ticket cannot be re-used. The EAP team created a workaround for this by adding the module option 'wrapGSSCredential=true' with the additional setting 'credentialLifetime=-1' [2, 3, 4, 5]. This works for static kerberos authentication. However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because the passed ticket is not managed by EAP but by the client. |
|||
| Juraj Duráni | 2016-08-09 05:24:13 UTC | Flags | needinfo?(dlesage) | |
| David Le Sage | 2016-08-11 04:44:31 UTC | Status | ASSIGNED | ON_QA |
| Doc Text | The MSSQL JDBC driver invalidates an active kerberos ticket on Connection.close(). As a result, if the user creates kerberos connection, the driver invalidates the ticket when the connection is closed and, therefore, the ticket cannot be re-used. The EAP team created a workaround for this by adding the module option 'wrapGSSCredential=true' with the additional setting 'credentialLifetime=-1' [2, 3, 4, 5]. This works for static kerberos authentication. However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does not work, because the passed ticket is not managed by EAP but by the client. | The MSSQL JDBC driver invalidates an active kerberos ticket on Connection.close(). As a result, if the user creates kerberos connection, the driver invalidates the ticket when the connection is closed and, therefore, the ticket cannot be re-used. The EAP team created a workaround for this by adding the module option 'wrapGSSCredential=true' with the additional setting 'credentialLifetime=-1'. This works for static kerberos authentication. To make the PassthroughIdentityLoginModule (PTILM) work, you need to add an additional module option for PTILM 'wrapGSSCredential' and set it to 'true' (the default is 'false'). | ||
| Flags | needinfo?(dlesage) | |||
| Juraj Duráni | 2016-08-11 07:08:05 UTC | Status | ON_QA | VERIFIED |
| Filip Elias | 2016-08-24 11:36:44 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2016-08-24 07:36:44 UTC |
Back to bug 1331742