Bug 1252356 - [QE] Incorrect info provided for Kerberos login module
[QE] Incorrect info provided for Kerberos login module
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Documentation (Show other bugs)
6.4.0
Unspecified Unspecified
unspecified Severity high
: post-GA
: ---
Assigned To: Zach Rhoads
Josef Cacek
https://access.stage.redhat.com/docum...
: Documentation, Triaged
Depends On:
Blocks: 1233012
  Show dependency treegraph
 
Reported: 2015-08-11 04:54 EDT by mchoma
Modified: 2015-10-20 08:48 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Consequence: 1252356
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-20 08:48:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description mchoma 2015-08-11 04:54:52 EDT
Book: Login Module Reference
Revision: n_1575841_login-module-reference_version_6.4_edition_1.0_release_0-revision_6701191
Section: Kerberos Login Module

Issue description:
The section is not correct at all. Originally the "Kerberos" login module was really an alias for the Sun's Krb5LoginModule implementation, but now the "Kerberos" alias is used for "org.jboss.security.negotiation.KerberosLoginModule" which is a wrapper for Sun/Oracle and IBM Krb5LoginModule implementations with additional logic to cover credentials delegation. The Kerberos login module is part of JBoss Negotiation server module so there has to be configured module dependency in the deployment which uses this login module.

JavaDoc of this wrapped login module says "A Kerberos LoginModule that wraps the JDK supplied module and has the additional capability of adding a GSSCredential to the populated Subject".

Suggestions for improvement:
Rewrite Kerberos login module section.
Provide description for all module options, e.g. "delegationCredential", "addGSSCredential" and "credentialLifetime". Contact PM and/or devs for list of all supported options.
Remove description of the other module options (coming from the Sun Krb5LoginModule Implementation) and add only a link to Sun/Oracle and IBM documentation.
Comment 3 Josef Cacek 2015-09-30 04:56:22 EDT
Verified in Revision: n_1625523_login-module-reference_version_6.4_edition_1.0_release_0-revision_7256591

Note You need to log in before you can comment on or make changes to this bug.