Securing JBoss EAP 6.1 Datasource with Kerberos

Latest response

We are having trouble getting Kerberos authentication for a JDBC Datasource to work in JBoss EAP 6.1.

From what we have found, JBoss cannot use Kerberos authentication for JDBC data sources. It is looking for PasswordCredentials from the security domain configured on the data source. The specific component in JBoss that has this issue is ironjacamar.

Is there a workaround for this issue or a patch that can be applied to get Kerberos authentication to work for a JDBC datasource in JBoss EAP 6.1?

Responses

Hi

This isn't supported in JBoss as you have mentioned. To investigate workarounds (that may not be supported) I suggest you raise a support case so we can look in to it some more. At the moment I do not believe there is a supported way of doing this and we are looking in to this feature for EAP 6.4.

Thank you. We have opened a support case.

Just to confirm: EAP 6.4 will support this providing obviously the database vendor has full support for it in their JDBC driver.
Full docs should become available when 6.4 goes out.

More details: You need EAP 6.4.4 and you should use org.jboss.security.negotiation.KerberosLoginModule (not the Krb5LoginModule from Java runtime).