[jboss-jira] [JBoss JIRA] (ELY-1541) local-kerberos CredentialSource does not work with IBM java
[
https://issues.jboss.org/browse/ELY-1541?page=com.atlassian.jira.plugin.s...
]
Jan Kalina updated ELY-1541:
----------------------------
Comment: was deleted
(was: Also direct username+password for kerberos account can be passed into Kerberos -
maybe we should allow this with AuthenticationContext callback handler:
{code:java}
LoginContext lc = new LoginContext("KDC", subject, (callbacks) -> {
// can be ommited if credential present in ccache
for (Callback c : callbacks) {
if (c instanceof NameCallback) {
((NameCallback)c).setName("hnelson(a)JBOSS.ORG");
} else if (c instanceof PasswordCallback) {
((PasswordCallback)c).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(c);
}
}
}, configuration);
{code})
local-kerberos CredentialSource does not work with IBM java
-----------------------------------------------------------
Key: ELY-1541
URL: https://issues.jboss.org/browse/ELY-1541
Project: WildFly Elytron
Issue Type: Bug
Components: Credentials
Affects Versions: 1.2.3.Final
Reporter: Jan Kalina
Assignee: Jan Kalina
Labels: ibm-java
Why trying to connect as with Oracle JDK, following error follows:
{code}
Failed to connect to the controller: Unable to authenticate against controller at
localhost:9990: ELY05053: Callback handler failed for unknown reason:
java.lang.reflect.UndeclaredThrowableException: org.ietf.jgss.GSSException, major code:
11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Cannot get credential for principal default principal
{code}
This is probably related to missing *useDefaultCcache* JAAS config (false by default):
https://www.ibm.com/support/knowledgecenter/en/SSYKE2_6.0.0/com.ibm.java....
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)