We encountered https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html and noticed that the requests JIRA makes to itself are not authenticated with Kerberos. We tried adding some things to the file specified with the property:
java.security.auth.login.config
We have:
com.sun.security.jgss.login {
com.sun.security.auth.module.GssLoginModule required client=TRUE initiate=true;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.GssLoginModule required client=TRUE initiate=true;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.GssLoginModule required client=TRUE accept=true;
};
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.GssLoginModule required client=TRUE initiate=true;
};
com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.GssLoginModule required client=TRUE accept=true;
};
krbLogin{
com.sun.security.auth.module.GssLoginModule required doNotPrompt=false debug=true useTicketCache=false;
};We do have Kerberos authentication working to our database via this section of that file:
SQLJDBCDriver {
com.sun.security.auth.module.GssLoginModule required initiate=true;
};What configuration can we add to make the http requests authenticate?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.