Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-707

Variable expansion is not supported in the module-option of the Kerberos login-module

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • None
    • None
    • Workaround Exists
    • Hide

      To make it work, I have to explicitly fill the absolute full path of my keytab file.

      Show
      To make it work, I have to explicitly fill the absolute full path of my keytab file.

    Description

      This configuration is not valid :

      <security-domain name="host" cache-type="default">
      <authentication>
      <login-module code="Kerberos" flag="required">
      <module-option name="storeKey" value="true"/>
      <module-option name="useKeyTab" value="true"/>
      <module-option name="principal" value="HTTP/ip-192-168-122-4.cloud.local"/>
      <module-option name="keyTab" value="${jboss.server.config.dir}/krb5.keytab"/>
      <module-option name="doNotPrompt" value="false"/>
      <module-option name="debug" value="true"/>
      </login-module>
      </authentication>
      </security-domain>

      It fails with the following exception :
      10:28:52,710 INFO [stdout] (http-/0.0.0.0:8080-1) Key for the principal HTTP/ip-192-168-122-4.cloud.local@CLOUD.LOCAL not available in ${jboss.server.config.dir}/krb5.keytab
      10:28:52,711 INFO [stdout] (http-/0.0.0.0:8080-1) [Krb5LoginModule] authentication failed

      => the variable "${jboss.server.config.dir}" is not expanded.

      Attachments

        Activity

          People

            Unassigned Unassigned
            raoulpetitpied guillaume cornet (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: