Bug 1161589
Summary: | Kerberos auth for management over HTTP/HTTPS does not work with IBM java | ||
---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Ondrej Lukas <olukas> |
Component: | Domain Management | Assignee: | Darran Lofthouse <darran.lofthouse> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Slavicek <pslavice> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4.0 | CC: | dandread, kkhan |
Target Milestone: | DR12 | ||
Target Release: | EAP 6.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-19 12:46:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ondrej Lukas
2014-11-07 12:05:42 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira WFCORE-260 to Coding In Progress Verification failed in EAP 6.4.0.DR11. IBM JDK 7 works fine. IBM JDK 6 still does not work. It is blocking certification [1] for IBM JDK6. During access to Management Console with IBM JDK6 fails with: ERROR [org.jboss.as.domain.management.security] (HttpManagementService-threads - 3) JBAS015208: Login failed using Keytab for principal 'HTTP/localhost' to handle request for host 'localhost': javax.security.auth.login.LoginException: Bad JAAS configuration: noAddress option not compatible with credsType {0} at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:29) [ibmjgssprovider.jar:6.0] at com.ibm.security.auth.module.Krb5LoginModule.i(Krb5LoginModule.java:23) [ibmjgssprovider.jar:6.0] at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:355) [ibmjgssprovider.jar:6.0] at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:272) [ibmjgssprovider.jar:6.0] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) [rt.jar:1.6.0] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) [rt.jar:1.6.0] at java.lang.reflect.Method.invoke(Method.java:611) [rt.jar:1.6.0] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795) [rt.jar:1.6.0] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209) [rt.jar:1.6.0] at javax.security.auth.login.LoginContext$5.run(LoginContext.java:732) [rt.jar:1.6.0] at java.security.AccessController.doPrivileged(AccessController.java:310) [vm.jar:] at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:729) [rt.jar:1.6.0] at javax.security.auth.login.LoginContext.login(LoginContext.java:599) [rt.jar:1.6.0] at org.jboss.as.domain.management.security.KeytabService.createSubjectIdentity(KeytabService.java:198) [jboss-as-domain-management-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.as.domain.management.security.KeytabIdentityFactoryService.getSubjectIdentity(KeytabIdentityFactoryService.java:142) [jboss-as-domain-management-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.as.domain.management.security.SecurityRealmService.getSubjectIdentity(SecurityRealmService.java:240) [jboss-as-domain-management-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.as.domain.http.server.security.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:155) [jboss-as-domain-http-interface-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78) at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48) [jboss-as-domain-http-interface-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.5.0.Final-redhat-13.jar:7.5.0.Final-redhat-13] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:682) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908) [rt.jar:1.6.0] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931) [rt.jar:1.6.0] at java.lang.Thread.run(Thread.java:738) [vm.jar:1.6.0] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1] [1] https://mojo.redhat.com/docs/DOC-48621 Verified in EAP 6.4.0.DR12. |