]
Galder Zamarreño updated ISPN-4298:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Beta1
Resolution: Done
HotRod kerberos auth doesn't see the ticket when creating
RemoteCachManager
---------------------------------------------------------------------------
Key: ISPN-4298
URL:
https://issues.jboss.org/browse/ISPN-4298
Project: Infinispan
Issue Type: Bug
Components: Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
Fix For: 7.0.0.Beta1
When HR client obtains initial GSSAPI challenge (usually when creating
{{RemoteCachManager}}), it fails with
{noformat}
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)]
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
at
org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:67)
at
org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
at
org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
at
org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
... 109 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos tgt)
at
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
at
sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
... 113 more
{noformat}
When the code is wrapped by {{PrivilegedExceptionAction}}, e.g.
{code}
final Configuration config = getRemoteCacheManagerConfig(subj);
Subject.doAs(subj, new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
remoteCacheManager = new RemoteCacheManager(config, true);
return null;
}
});
{code}
everything works fine