-
1. Re: Kerberos support in JBoss Teiid ?
shawkins Sep 4, 2014 1:34 PM (in response to madhurika_sharma)
"Kerberos support through GSSAPI - Teiid 8.9 (draft) - Project Documentation Editor" outlines how to connect to the server using GSSAPI/Kerberos. I gather you are then asking about Kerberos to the source under Teiid. See "Data Source Security - Teiid 8.9 (draft) - Project Documentation Editor" for some options.
-
2. Re: Kerberos support in JBoss Teiid ?
madhurika_sharma Sep 5, 2014 2:30 AM (in response to shawkins)
Hello Steven,
Thanks for the reply.
I see Teiid 8.9 in the URL you have given. I am using Teiid 8.4.0.
Does Teiid 8.4.0 with JBoss 6.1.0 support Kerberos?
-
3. Re: Kerberos support in JBoss Teiid ?
rareddy Sep 5, 2014 10:45 AM (in response to madhurika_sharma)
Yes, it is supported in Teiid 8.4; see "Kerberos support through GSSAPI". However, it got refined in 8.8 for the delegation model. However, we still do not support Kerberos delegation to JDBC sources yet; see "[TEIID-3005] Support Kerberos pass-thru to the data source - JBoss Issue Tracker".
-
4. Re: Kerberos support in JBoss Teiid ?
madhurika_sharma Sep 6, 2014 6:36 AM (in response to rareddy)
I am getting confused here.
I was connecting to the SQL Server 2008 database with a JDBC username and password before; now I want to connect to the MS SQL Server 2008 database (servers are Kerberos enabled) with Kerberos authentication from JBoss Teiid. So, are you saying I can do it with "Kerberos support through GSSAPI - Teiid 8.4 - Project Documentation Editor"?
-
5. Re: Re: Kerberos support in JBoss Teiid ?
rareddy Sep 8, 2014 6:26 AM (in response to madhurika_sharma)
OK, here is what is supported and what is not:
1) Your Application --> Kerberos Auth --> Teiid (supported)
2) Teiid --> Kerberos Auth --> SQL Server 2008 (should be supported)
3) Your Application --> Kerberos Auth --> Teiid --> Use same logged-in Kerberos token (no reauth) --> SQL Server 2008 (not supported, TEIID-3005)
If you are only looking for (2), then consult the JBoss EAP documents for configuration; it will be like configuring a security-domain in JBoss EAP and then configuring the data source with that security domain.
For example:
Add the following system properties:
JAVA_OPTS="$JAVA_OPTS -Djava.security.krb5.conf=/path/to/krb5.conf -Djava.security.krb5.debug=false -Djavax.security.auth.useSubjectCredsOnly=false"
then security-domain like
<security-domain name="host" cache-type="default">
  <authentication>
    <login-module code="Kerberos" flag="required">
      <module-option name="storeKey" value="true"/>
      <module-option name="useKeyTab" value="true"/>
      <module-option name="principal" value="host/testserver@MY_REALM"/>
      <module-option name="keyTab" value="/path/to/service.keytab"/>
      <module-option name="doNotPrompt" value="true"/>
      <module-option name="debug" value="false"/>
    </login-module>
  </authentication>
</security-domain>
Then data source like
<datasources>
  <datasource jndi-name="java:/sqlserverDS" pool-name="sqlserverDS">
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <!-- com.microsoft.sqlserver.jdbc.SQLServerDriver expects the jdbc:sqlserver:// URL prefix -->
    <connection-url>jdbc:sqlserver://{host}:1433</connection-url>
    <driver>sqljdbc4.jar</driver>
    <pool>
      <prefill>false</prefill>
      <use-strict-min>false</use-strict-min>
      <flush-strategy>FailingConnectionOnly</flush-strategy>
    </pool>
    <!-- connections authenticate through the Kerberos security-domain defined above -->
    <security>
      <security-domain>host</security-domain>
    </security>
  </datasource>
</datasources>
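
Added example (not part of the original post, and not Teiid or JBoss code): a small Python check that every datasource in a configuration file points at a security-domain whose Kerberos login module carries the options the post above sets. The sample XML is constructed from the post's snippets, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's security-domain plus one dangling reference.
SAMPLE = """<profile>
 <security-domain name="host" cache-type="default"><authentication>
  <login-module code="Kerberos" flag="required">
   <module-option name="storeKey" value="true"/><module-option name="useKeyTab" value="true"/>
   <module-option name="principal" value="host/testserver@MY_REALM"/>
   <module-option name="keyTab" value="/path/to/service.keytab"/>
   <module-option name="doNotPrompt" value="true"/>
  </login-module></authentication></security-domain>
 <datasources>
  <datasource jndi-name="java:/sqlserverDS" pool-name="sqlserverDS">
   <security><security-domain>host</security-domain></security></datasource>
  <datasource jndi-name="java:/otherDS" pool-name="otherDS">
   <security><security-domain>missing</security-domain></security></datasource>
 </datasources></profile>"""

EXPECT_TRUE = ("storeKey", "useKeyTab", "doNotPrompt")  # as set in the post

def _name(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any XML namespace

def kerberos_domains(root):
    """Map security-domain name -> options of its Kerberos login module."""
    found = {}
    for dom in (e for e in root.iter() if _name(e) == "security-domain" and e.get("name")):
        for lm in (e for e in dom.iter() if _name(e) == "login-module"):
            if lm.get("code") == "Kerberos":
                found[dom.get("name")] = {o.get("name"): o.get("value") for o in lm}
    return found

def check(xml_text):
    """Return findings for datasources whose Kerberos wiring is incomplete."""
    root = ET.fromstring(xml_text)
    domains, findings = kerberos_domains(root), []
    for ds in (e for e in root.iter() if _name(e) == "datasource"):
        pool = ds.get("pool-name")
        ref = next((e.text.strip() for e in ds.iter()
                    if _name(e) == "security-domain" and e.text), None)
        if ref not in domains:
            findings.append(f"{pool}: security-domain {ref!r} has no Kerberos login module")
            continue
        opts = domains[ref]
        findings += [f"{pool}: {k} is not true" for k in EXPECT_TRUE if opts.get(k) != "true"]
        if not opts.get("keyTab"):
            findings.append(f"{pool}: keyTab path missing")
        if "@" not in (opts.get("principal") or ""):
            findings.append(f"{pool}: principal has no realm")
    return findings
```

Calling `check()` on the text of a real configuration file returns an empty list when every datasource resolves to a complete Kerberos domain; element namespaces are ignored, so namespaced subsystem elements are matched as well.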