-
Bug
-
Resolution: Done
-
Blocker
-
8.2
-
None
Hi,
We have the following configuration setup in our teiid 8.2 aplha 2 environment running on eap6
<transport name="jdbc" socket-binding="teiid-jdbc">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3" keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore" password="changeit"/>
</ssl>
</transport>
<transport name="odbc" socket-binding="teiid-odbc" protocol="pg">
<authentication security-domain="REDHAT.COM"/>
<ssl mode="enabled" ssl-protocol="SSLv3" keymanagement-algorithm="SunX509">
<keystore name="/etc/jbossas/standalone/jboss.keystore" password="changeit"/>
</ssl>
</transport>
With out security configuration looking like
<security-domain name="host" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="storeKey" value="true"/>
<module-option name="useKeyTab" value="true"/>
<module-option name="principal" value="HTTP/REMOVED_HOSTNAME@REDHAT.COM"/>
<module-option name="keyTab" value="/etc/jbossas/standalone/jboss.keytab"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="debug" value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="fallback" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="useTicketCache" value="true"/>
<module-option name="useKeyTab" value="false"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="debug" value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="REDHAT.COM" cache-type="default">
<authentication>
<login-module code="SPNEGO" flag="requisite">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="serverSecurityDomain" value="host"/>
<module-option name="removeRealmFromPrincipal" value="true"/>
<module-option name="usernamePasswordDomain" value="fallback"/>
</login-module>
</authentication>
</security-domain>
And the security seems to work as expected for the JDBC connection, but when we try to connect via ODBC to port 35432 it simply allows us to connect regardless of any username/password combination we use. We tried even switching back to just basic username/password login module (against flat files) with same results.
