Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1832

KnoxSession handling of JAAS config for kerberos auth is not deterministic

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.3.0
    • Component/s: KnoxShell
    • Labels:
      None

      Description

      The KnoxShell kerberos authentication support depends on the default facility for locating the JAAS Configuration to apply, defaulting to the jaas.conf file packaged in its own JAR. In some cases, an alternative JAAS conf has been set (overriding the internal one), which likely does not have the expected entry (i.e., "com.sun.security.jgss.initiate").

      Instead, a Configuration instance based explicitly on this internal jaas.conf file can be created and employed, making the behavior much more deterministic.

        Attachments

          Activity

            People

            • Assignee:
              pzampino Philip Zampino
              Reporter:
              pzampino Philip Zampino
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: