Kerberos realm should support kerberos oid #34763
Assignees
Labels
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Comments
jaymode
added
the
:Security/Authentication
|
Pinging @elastic/es-security |
bizybot
pushed a commit
to bizybot/elasticsearch
that referenced
this issue
Nov 21, 2018
Clients can use the Kerberos V5 security mechanism and when it used this to establish security context it failed to do so as Elasticsearch server only accepted Spengo mechanism. This commit adds support to accept Kerberos V5 credentials over spnego. Closes elastic#34763
bizybot
added a commit
to bizybot/elasticsearch
that referenced
this issue
Nov 28, 2018
Clients can use the Kerberos V5 security mechanism and when it used this to establish security context it failed to do so as Elasticsearch server only accepted Spengo mechanism. This commit adds support to accept Kerberos V5 credentials over spnego. Closes elastic#34763
bizybot
added a commit
that referenced
this issue
Nov 28, 2018
Clients can use the Kerberos V5 security mechanism and when it used this to establish security context it failed to do so as Elasticsearch server only accepted Spengo mechanism. This commit adds support to accept Kerberos V5 credentials over spnego. Closes #34763
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The kerberos realm currently only supports the SPNEGO Oid as the credential type for the gss mechanism, but there is also another well known Oid value that we should request the credentials for, which is the Kerberos V5 Oid:
1.2.840.113554.1.2.2. We can pass both Oid values as an array when creating the credentials.The text was updated successfully, but these errors were encountered: