  1. WildFly Core
  2. WFCORE-1495

server instances cannot find keytab during domain startup


      In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use Kerberos as the server-identity:

          <security-realm name="ApplicationRealm">
            <server-identities>
              <kerberos>
                <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/>
              </kerberos>
            </server-identities>
            <authentication>
              <kerberos remove-realm="true"/>
            </authentication>
            <authorization>
              <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
            </authorization>
          </security-realm>
      

      This results in the following error and the server instances fail to start:

      [Server:server-one] 15:10:35,360 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("validate-authentication") failed - address: ([
      [Server:server-one] ("core-service" => "management"),
      [Server:server-one] ("security-realm" => "ApplicationRealm")
      [Server:server-one] ]) - failure description: "WFLYDM0094: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
      [Server:server-one] 15:10:35,376 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

              vpakan Vlado Pakan (Inactive)
              rhn-support-dehort Derek Horton