Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5304

(7.1.0) server instances cannot find keytab during domain startup

XMLWordPrintable

      In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:

                  <security-realm name="ApplicationRealm">                                                                                                                               
              <server-identities>                                                                                                                                                  
                <kerberos>                                                                                                                                                         
                  <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/>                                                       
                </kerberos>                                                                                                                                                        
              </server-identities>                                                                                                                                                              
              <authentication>                                                                                                                                                                     
                <kerberos remove-realm="true"/>                                                                                                                                    
              </authentication>                                                                                                                                                    
              <authorization>                                                                                                                                                      
                <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>                                                                                                   
               </authorization>                                                                                                                                                     
            </security-realm>

      This results in the following error and the server instances fail to start:

      [Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
      [Server:server-one] ("core-service" => "management"),
      [Server:server-one] ("security-realm" => "ApplicationRealm")
      [Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
      [Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

            rhn-cservice-bbaranow Bartosz Baranowski
            rhn-cservice-bbaranow Bartosz Baranowski
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 4 hours
                4h
                Remaining:
                Remaining Estimate - 4 hours
                4h
                Logged:
                Time Spent - Not Specified
                Not Specified