-
Bug
-
Resolution: Done
-
Critical
-
3.0.0.Beta7
- mechanism-oids
- Minimal command for kerberos security factory creation is
/subsystem=elytron/kerberos-security-factory=kerberos:add(principal=mchoma, path=/path/to/keytab, mechanism-oids=[1.2.840.113554.1.2.2])
- I don't think it is user-friendly to require user to specify mechanism-oids. I think some reasonable default value should be used here.
- Minimal command for kerberos security factory creation is
- minimum-remaining-lifetime
- please, specify units in documentation, e.g. seconds/minutes
- relative-to
- as just path reference can be used here, probably should be just "expressions-allowed" => false
- In legacy settings it is documented better: "The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute."
- server
- I assume based on server attribute INITIATE_ONLY or ACCEPT_ONLY is configured on GSSCredential [1]. Wouldn't it be useful to have also possibility to set INITIATE_AND_ACCEPT? Couldn't that be useful for example in case of identity propagation.
- for-hosts
- comparing to legacy security kerberosIdentityType I am missing for-hosts. Elytron won't provide such feature?
- clones
-
-
- Closed
-
- is blocked by
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
