Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1541

local-kerberos CredentialSource does not work with IBM java

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • 1.2.3.Final
    • Credentials
    • Hide

      Configure kerberos authentication by https://hkalina.github.io/2018/01/02/kerberos/ and try to login into CLI - works for Oracle JDK but fails for IBM JDK:

      JAVA_HOME=/opt/ibm-java-x86_64-80 bin/jboss-cli.sh -c -Dwildfly.config.url=../kerberos-using-apacheds/wildfly-config.xml --no-local-auth -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.krb5.conf=.../kerberos-using-apacheds/krb5.conf :whoami
      Show
      Configure kerberos authentication by https://hkalina.github.io/2018/01/02/kerberos/ and try to login into CLI - works for Oracle JDK but fails for IBM JDK: JAVA_HOME=/opt/ibm-java-x86_64-80 bin/jboss-cli.sh -c -Dwildfly.config.url=../kerberos-using-apacheds/wildfly-config.xml --no-local-auth -Djavax.security.auth.useSubjectCredsOnly= false -Djava.security.krb5.conf=.../kerberos-using-apacheds/krb5.conf :whoami

      When trying to connect as with Oracle JDK, following error occure:

      Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: ELY05053: Callback handler failed for unknown reason: java.lang.reflect.UndeclaredThrowableException: org.ietf.jgss.GSSException, major code: 11, minor code: 0
	major string: General failure, unspecified at GSSAPI level
	minor string: Cannot get credential for principal default principal

      This is probably related to missing useDefaultCcache JAAS config (false by default):
      https://www.ibm.com/support/knowledgecenter/en/SSYKE2_6.0.0/com.ibm.java.security.component.60.doc/security-component/jgssDocs/jaas_login_user.html

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: