Bug 1328997 - [GSS] (6.4.z) server instances cannot find keytab during domain startup
Summary: [GSS] (6.4.z) server instances cannot find keytab during domain startup
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
: EAP 6.4.9
Assignee: Miroslav Sochurek
QA Contact: Martin Simka
URL:
Whiteboard:
Depends On:
Blocks: eap649-payload
Reported: 2016-04-20 20:32 UTC by dhorton
Modified: 2019-11-14 07:50 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-17 12:57:27 UTC
Type: Bug
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBEAP-4273 0 Critical Verified [GSS](7.0.z) server instances cannot find keytab during domain startup 2017-03-24 19:38:08 UTC
Red Hat Issue Tracker WFCORE-1495 0 Major Resolved server instances cannot find keytab during domain startup 2017-03-24 19:38:08 UTC
Red Hat Knowledge Base (Solution) 2411661 0 None None None 2016-06-28 20:23:07 UTC

Description dhorton 2016-04-20 20:32:24 UTC
Description of problem:

In domain mode, the server instances cannot find the keytab if the ApplicationRealm is configured to use kerberos as the server-identity:

<security-realm name="ApplicationRealm"> 
  <server-identities> 
    <kerberos> 
      <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/> 
    </kerberos> 
  </server-identities> 
  <authentication> 
    <kerberos remove-realm="true"/> 
  </authentication> 
  <authorization> 
    <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/> 
  </authorization> 
</security-realm>

This results in the following error and the server instances fail to start:

[Server:server-one] 12:46:45,315 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("validate-authentication") failed - address: ([
[Server:server-one]     ("core-service" => "management"),
[Server:server-one]     ("security-realm" => "ApplicationRealm")
[Server:server-one] ]) - failure description: "JBAS021009: Kerberos is enabled for authentication on security realm 'ApplicationRealm' but no Keytab has been added to the server-identity."
[Server:server-one] 12:46:45,319 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
[Server:server-one] 12:46:45,342 INFO  [org.jboss.as] (MSC service thread 1-4) JBAS015950: JBoss EAP 6.4.7.GA (AS 7.5.7.Final-redhat-3) stopped in 18ms
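
A triage check for the failure reported above, added here as an example and not part of the bug report or the JBoss code base: it parses the realm configuration, scans server output for JBAS021009, and separates a realm that really lacks a keytab from one where the keytab is declared but the server instance still reports none (the symptom in this report). The function names and result labels are assumptions of this example, and the second config is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Realm config and log line as posted in this report (log line abridged to the JBAS021009 part).
REPORTED_CONFIG = """<security-realm name="ApplicationRealm">
  <server-identities><kerberos>
    <keytab principal="remote/imahost.imadomain.net@VM29" path="/path/to/keytab"/>
  </kerberos></server-identities>
  <authentication><kerberos remove-realm="true"/></authentication>
</security-realm>"""
REPORTED_LOG = ("[Server:server-one] ]) - failure description: \"JBAS021009: Kerberos is enabled "
                "for authentication on security realm 'ApplicationRealm' but no Keytab has been "
                "added to the server-identity.\"")
# Constructed counter-example: kerberos authentication with no keytab declared.
BROKEN_CONFIG = """<security-realm name="ApplicationRealm">
  <authentication><kerberos/></authentication>
</security-realm>"""

ERROR = re.compile(r"^\[Server:(?P<server>[^\]]+)\].*JBAS021009: .*security realm '(?P<realm>[^']+)'")

def local(tag):
    """Element name without any '{namespace}' prefix (real host.xml files are namespaced)."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def kerberos_realms(config_xml):
    """Map each realm that authenticates with kerberos to its declared (principal, path) keytabs."""
    realms = {}
    for realm in ET.fromstring(config_xml).iter():
        if local(realm.tag) != "security-realm":
            continue
        auth = child(realm, "authentication")
        if auth is None or child(auth, "kerberos") is None:
            continue
        ids = child(realm, "server-identities")
        krb = child(ids, "kerberos") if ids is not None else None
        realms[realm.get("name")] = [(k.get("principal"), k.get("path"))
                                     for k in (krb if krb is not None else []) if local(k.tag) == "keytab"]
    return realms

def triage(config_xml, log_text):
    """For each JBAS021009 line, say whether the config explains it or the keytab was declared anyway."""
    realms = kerberos_realms(config_xml)
    findings = []
    for line in log_text.splitlines():
        m = ERROR.search(line)
        if m:
            cause = "keytab-declared-but-not-seen" if realms.get(m["realm"]) else "keytab-missing-in-config"
            findings.append((m["server"], m["realm"], cause))
    return findings
```

A `keytab-declared-but-not-seen` result on a `[Server:...]` line is the case described in this report; `keytab-missing-in-config` points to the realm definition instead.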

Comment 1 Vlado Pakan 2016-06-03 06:59:58 UTC
PR: https://github.com/jbossas/jboss-eap/pull/2780

Comment 4 Ivo Hradek 2016-06-22 11:06:11 UTC
Verified with EAP 6.4.9.CP.CR1

Comment 6 Petr Penicka 2017-01-17 12:57:27 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 12:58:17 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

