In case when kerberos authentication is correctly configured in security realm [1] and Management CLI which runs with JDK 1.6 tries to connected then following exception is thrown: Exception in thread "Remoting "cli-client" task-1" java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:357) at java.lang.Class.newInstance(Class.java:310) at javax.security.auth.login.Configuration$3.run(Configuration.java:247) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242) at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:47) at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:45) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.LoginConfigImpl.<init>(LoginConfigImpl.java:44) at sun.security.jgss.GSSUtil.login(GSSUtil.java:244) at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136) at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172) at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities$2$1.run(ClientConnectionOpenListener.java:463) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities$2$1.run(ClientConnectionOpenListener.java:459) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities$2.run(ClientConnectionOpenListener.java:459) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) at java.lang.Thread.run(Thread.java:662) Caused by: java.io.IOException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) ... 32 more How to reproduce: 1) configure kerberos authentication for Management Realm with wrong configured principal 2) start Kerberos server and EAP, try to authenticate into Management CLI with JDK 1.7 - works fine 3) disconnect from Management CLI 4) try to authenticate into Management CLI with JDK 1.6 - mentioned above exception is thrown I request blocker flag since this issue is blocking certification [1] for JDK6. [1] http://darranl.blogspot.cz/2014/11/wildfly-9-kerberos-authentication-with.html [2] https://mojo.redhat.com/docs/DOC-48621
*** Bug 1168921 has been marked as a duplicate of this bug. ***
What is the exact Java version this error is being reported from? Reviewing some of the source for Java 6 the error reported here should actually not be reported but that may only be in a later version.
java -version >>> java version "1.6.0_45" Java(TM) SE Runtime Environment (build 1.6.0_45-b06) Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
I have a change in WildFly that should cover this but I can not run WildFly on Java 6 so will need to test a backport.
Verified in EAP 6.4.0.DR13.
John Doyle <jdoyle> updated the status of jira EAP6-174 to Closed