Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-352

Cache Server Subject

    XMLWordPrintable

    Details

      Description

      Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue)

      One request for each of the SPNEGO round trips and then one request for the LDAP search.

      Attempts to make use of a local ticket cache failed: -

      <!--
      <module-option name="useTicketCache">true</module-option>
      <module-option name="renewTGT">true</module-option>
      <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option>
      -->

      As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO.

      <module-option name="storeKey">true</module-option>

      A mechanism to cache the server subject is needed.

      The expiration time of the ticket can be obtained to decide how long to cache the ticket for: -

      Set<Object> privateCredentials = serverSubject.getPrivateCredentials();
      for (Object current : privateCredentials)
      {
      if (current instanceof KerberosTicket)

      { KerberosTicket ticket = (KerberosTicket) current; System.out.println(ticket.getEndTime()); }

      }

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              dlofthouse Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: