Details
-
Bug
-
Resolution: Obsolete
-
Major
-
None
-
None
-
None
Description
After upgrade to WildFly 8.1 (commit 2eb84c2824d82530e508b2063409b1d22225772d), HotRod server endpoint is not able to connect to KDC server (when kerberos sasl server-context-name name is specified) and startup teh the HR server fails with
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763) [rt.jar:1.7.0_45]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_45]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_45]
at org.infinispan.server.endpoint.subsystem.ProtocolServerService.getServerSubject(ProtocolServerService.java:235)
at org.infinispan.server.endpoint.subsystem.ProtocolServerService.start(ProtocolServerService.java:126)
... 5 more
Caused by: KrbException: Cannot locate KDC
at sun.security.krb5.Config.getKDCList(Config.java:1236) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:210) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:191) [rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319) [rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364) [rt.jar:1.7.0_45]
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735) [rt.jar:1.7.0_45]
... 19 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm INFINISPAN.ORG
at sun.security.krb5.Config.getKDCFromDNS(Config.java:1333) [rt.jar:1.7.0_45]
at sun.security.krb5.Config.getKDCList(Config.java:1209) [rt.jar:1.7.0_45]
... 24 more
In this case KDC run on port 6088 and it's very likely (more in-depth investigation is needed), that krb client used by server ignores path to krb setup (env. var java.security.krb5.conf) and tried to connect to port 88. This seems to be a bug in WildFly 8.1.
