Description of problem: In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity: <security-realm name="ApplicationRealm"> <server-identities> <kerberos> <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/> </kerberos> </server-identities> <authentication> <kerberos remove-realm="true"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/> </authorization> </security-realm> This results in the following error and the server instances fail to start: [Server:server-one] 12:46:45,315 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("validate-authentication") failed - address: ([ [Server:server-one] ("core-service" => "management"), [Server:server-one] ("security-realm" => "ApplicationRealm") [Server:server-one] ]) - failure description: "JBAS021009: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity." [Server:server-one] 12:46:45,319 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details. [Server:server-one] 12:46:45,342 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015950: JBoss EAP 6.4.7.GA (AS 7.5.7.Final-redhat-3) stopped in 18ms
PR: https://github.com/jbossas/jboss-eap/pull/2780
Verified with EAP 6.4.9.CP.CR1
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.