Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4273

[GSS](7.0.z) server instances cannot find keytab during domain startup

XMLWordPrintable

    • EAP 7.0.2

      In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:

                  <security-realm name="ApplicationRealm">                                                                                                                               
                    <server-identities>                                                                                                                                                  
                      <kerberos>                                                                                                                                                         
                        <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/>                                                       
                      </kerberos>                                                                                                                                                        
                    </server-identities>                                                                                                                                                              
                    <authentication>                                                                                                                                                                     
                      <kerberos remove-realm="true"/>                                                                                                                                    
                    </authentication>                                                                                                                                                    
                    <authorization>                                                                                                                                                      
                      <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>                                                                                                   
                     </authorization>                                                                                                                                                     
                  </security-realm> 
      

      This results in the following error and the server instances fail to start:

      [Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
      [Server:server-one] ("core-service" => "management"),
      [Server:server-one] ("security-realm" => "ApplicationRealm")
      [Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
      [Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

              vpakan Vlado Pakan (Inactive)
              rhn-support-dehort Derek Horton
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 4 hours
                  4h
                  Remaining:
                  Time Spent - 2 hours Remaining Estimate - 2 hours
                  2h
                  Logged:
                  Time Spent - 2 hours Remaining Estimate - 2 hours
                  2h