MQSeries.net Forum Index » General Discussion » Kerberos with MQTT

pintrader
Posted: Sat Feb 08, 2014 12:07 am    Post subject: Kerberos with MQTT

Disciple

Joined: 22 Jan 2014
Posts: 164

Hi,
Suppose I want to use Kerberos authentication with MQTT, so I set the JAAS config when creating the MQTT channel. And in the config file I use
Code:

MQXRConfig {com.ibm.security.auth.module.Krb5LoginModule      required
                   principal=principal@your_realm
                   useDefaultCcache=TRUE
                   renewTGT=true;
};

as shown in the official doc. But by using this method, I will have to specify the principal hard-coded. And using "useDefaultCcache" = true, the mqm user is always the one being authenticated. The other way is to use "useCcache", but with this option I need to use the location of the credential cache file.

I am validating my users through an AD, and by right, if I use Sun's Java version of Krb5LoginModule, there is supposedly a "useTicketCache" option which I can use, and it is supposed to use the correct user ticket credential for authentication.

My question is: I don't want to use "useCcache" for the IBM version, so what other ways can I achieve what I want? I just need to authenticate an AD user via MQTT, seamlessly.

I have thought of using just ktab to generate a keytab file, and when I have new users, I can always add their credentials inside this keytab file, e.g.

Code:

ktab -k mykeytab.keytab -a userA@REALM.com userA
ktab -k mykeytab.keytab -a userB@REALM.com userB


But I am not sure if this is the correct approach.

Thanks