Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:
<security-realm name="ApplicationRealm"> <server-identities> <kerberos> <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/> </kerberos> </server-identities> <authentication> <kerberos remove-realm="true"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/> </authorization> </security-realm>
This results in the following error and the server instances fail to start:
[Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
[Server:server-one] ("core-service" => "management"),
[Server:server-one] ("security-realm" => "ApplicationRealm")
[Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
[Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Attachments
Issue Links
- is cloned by
-
-
- Verified
-
- is incorporated by
-
-
- Verified
-
