]
Tristan Tarrant reassigned ISPN-4397:
-------------------------------------
Assignee: Tristan Tarrant
HR server is not able to connect to KDC server
----------------------------------------------
Key: ISPN-4397
URL:
https://issues.redhat.com/browse/ISPN-4397
Project: Infinispan
Issue Type: Bug
Components: Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
Priority: Major
After upgrade to WildFly 8.1 (commit
[
2eb84c2824d82530e508b2063409b1d22225772d|https://github.com/infinispan/in...]),
HotRod server endpoint is not able to connect to KDC server (when kerberos sasl
server-context-name name is specified) and startup teh the HR server fails with
{noformat}
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763)
[rt.jar:1.7.0_45]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
[rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_45]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_45]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
[rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
[rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
[rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
[rt.jar:1.7.0_45]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
[rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
[rt.jar:1.7.0_45]
at
org.infinispan.server.endpoint.subsystem.ProtocolServerService.getServerSubject(ProtocolServerService.java:235)
at
org.infinispan.server.endpoint.subsystem.ProtocolServerService.start(ProtocolServerService.java:126)
... 5 more
Caused by: KrbException: Cannot locate KDC
at sun.security.krb5.Config.getKDCList(Config.java:1236) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:210) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:191) [rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
[rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
[rt.jar:1.7.0_45]
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735)
[rt.jar:1.7.0_45]
... 19 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate
KDC for realm
INFINISPAN.ORG
at sun.security.krb5.Config.getKDCFromDNS(Config.java:1333) [rt.jar:1.7.0_45]
at sun.security.krb5.Config.getKDCList(Config.java:1209) [rt.jar:1.7.0_45]
... 24 more
{noformat}
In this case KDC run on port 6088 and it's very likely (more in-depth investigation
is needed), that krb client used by server ignores path to krb setup (env. var
{{java.security.krb5.conf}}) and tried to connect to port 88. This seems to be a bug in
WildFly 8.1.