Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5304

(7.1.0) server instances cannot find keytab during domain startup

XMLWordPrintable

      In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:

                  <security-realm name="ApplicationRealm">                                                                                                                               
              <server-identities>                                                                                                                                                  
                <kerberos>                                                                                                                                                         
                  <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/>                                                       
                </kerberos>                                                                                                                                                        
              </server-identities>                                                                                                                                                              
              <authentication>                                                                                                                                                                     
                <kerberos remove-realm="true"/>                                                                                                                                    
              </authentication>                                                                                                                                                    
              <authorization>                                                                                                                                                      
                <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>                                                                                                   
               </authorization>                                                                                                                                                     
            </security-realm>

      This results in the following error and the server instances fail to start:

      [Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
      [Server:server-one] ("core-service" => "management"),
      [Server:server-one] ("security-realm" => "ApplicationRealm")
      [Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
      [Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

              rhn-cservice-bbaranow Bartosz Baranowski
              rhn-cservice-bbaranow Bartosz Baranowski
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 4 hours
                  4h
                  Remaining:
                  Remaining Estimate - 4 hours
                  4h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified