-
Bug
-
Resolution: Done
-
Critical
-
None
In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:
<security-realm name="ApplicationRealm"> <server-identities> <kerberos> <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/> </kerberos> </server-identities> <authentication> <kerberos remove-realm="true"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/> </authorization> </security-realm>
This results in the following error and the server instances fail to start:
[Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
[Server:server-one] ("core-service" => "management"),
[Server:server-one] ("security-realm" => "ApplicationRealm")
[Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
[Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
- clones
-
JBEAP-5304 (7.1.0) server instances cannot find keytab during domain startup
- Verified
- incorporates
-
WFCORE-1495 server instances cannot find keytab during domain startup
- Resolved
- is incorporated by
-
JBEAP-4647 (7.0.z) Upgrade WildFly Core from 2.1.6 to 2.1.8
- Verified