On Wed, 2022-12-07 at 22:34 +0100, Michael Osipov wrote: > Am 2022-12-07 um 21:34 schrieb Luis Gabriel Gomez: > > Hi > > > > I'm trying to establish a connection via a Kerberos authenticated > > proxy; I > > have a working code based on the 4.x client which works with > > minimal setup > > using a noop Credential (use_jaas_creds), this way the client > > authenticates > > via its ExtendedGSSManager and JAAS: > > > > CredentialsProvider credsProvider = new > > BasicCredentialsProvider(); > > credsProvider.setCredentials(new AuthScope(null, -1, > > null), > > use_jaas_creds); > > Registry<AuthSchemeProvider> authSchemeRegistry = > > RegistryBuilder > > .<AuthSchemeProvider>create() > > .register(AuthSchemes.SPNEGO, new > > SPNegoSchemeFactory(true)) > > .build(); > > > > I'm trying to perform the same in 5.x but facing some issues > > > > final Credentials use_jaas_creds = new > > UseJaasCredentials(); > > credentialsProvider.setCredentials(new > > AuthScope(null, null, -1, null, null), > > use_jaas_creds); > > final Registry<AuthSchemeFactory> authSchemeRegistry = > > RegistryBuilder.<AuthSchemeFactory>create() > > .register(StandardAuthScheme.SPNEGO, > > kerberosSchemeFactory) > > .build(); > > > > Setup is roughly the same, with the addition of the > > kerberosSchemeFactory > > buildup which is omitted for brevity. Request goes to target host > > but > > doesn't go through the proxy, so which else may I have missed? I'm > > suspicious of the AuthScope needing the full proxy information now > > but I'm > > unsure. > > > > On another note, with the 5.3 deprecation of SPNEGO support, is > > there still > > gonna be a way to plug in support for these authenticators on > > clients that > > still need it once it's finally remove? > > Luis, > > please read my message a couple of days ago regarding this topic. > > Doing the proper JGSS code yourself requires ~ 20 LoC. There is no > magic. >
Luis One more thing. If you have a functional setup with HC 4, run with the context / wire logging on, and compare the log with that produced with HC 5. This should help you understand the differences in behavior between the two versions. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
