Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2409

Review elytron kerberos-security-factory resource

    XMLWordPrintable

Details

    Description

      • mechanism-oids
        • Minimal command for kerberos security factory creation is 
          /subsystem=elytron/kerberos-security-factory=kerberos:add(principal=mchoma, path=/path/to/keytab, mechanism-oids=[1.2.840.113554.1.2.2])
        • I don't think it is user-friendly to require user to specify mechanism-oids. I think some reasonable default value should be used here.
      • minimum-remaining-lifetime
        • please, specify units in documentation, e.g. seconds/minutes
      • relative-to
        • as just path reference can be used here, probably should be just "expressions-allowed" => false
        • In legacy settings it is documented better: "The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute."
      • server
        • I assume based on server attribute INITIATE_ONLY or ACCEPT_ONLY is configured on GSSCredential [1]. Wouldn't it be useful to have also possibility to set INITIATE_AND_ACCEPT? Couldn't that be useful for example in case of identity propagation.
      • for-hosts
        • comparing to legacy security kerberosIdentityType I am missing for-hosts. Elytron won't provide such feature?

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-6286 Review elytron kerberos-security-factory resource

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1021 GSS mechanisms OIDs into OidsUtil

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2387 Elytron subsystem requires user to input OIDs

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: