[jboss-jira] [JBoss JIRA] (WFLY-7334) Elytron kerberos implementation ignore java.security.krb5.* system properties
[
https://issues.jboss.org/browse/WFLY-7334?page=com.atlassian.jira.plugin....
]
Martin Choma commented on WFLY-7334:
------------------------------------
I have attached {{standalone-elytron.xml}}, for which I don't see java kerberos debug
messages, even if I start wildfly with {code}./standalone.sh
-Djava.security.krb5.debug=true{code} .
Only way I can get debug messages in log:
{code}
12:34:22,641 INFO [stdout] (default task-1) Debug is true storeKey true useTicketCache
false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is
/home/mchoma/tasks/20161017_elytron_kerberos/jboss_server_base_dir_eap7/configuration/http.keytab
refreshKrb5Config is false principal is HTTP/localhost.localdomain(a)JBOSS.ORG tryFirstPass
is false useFirstPass is false storePass is false clearPass is false
12:34:22,643 INFO [stdout] (default task-1) principal is
HTTP/localhost.localdomain(a)JBOSS.ORG
12:34:22,643 INFO [stdout] (default task-1) Will use keytab
12:34:22,644 INFO [stdout] (default task-1) Commit Succeeded
12:34:22,644 INFO [stdout] (default task-1)
{code}
is to set {{debug}} attribute of {{kerberos-security-factory}} to true
Elytron kerberos implementation ignore java.security.krb5.* system
properties
-----------------------------------------------------------------------------
Key: WFLY-7334
URL: https://issues.jboss.org/browse/WFLY-7334
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Jan Kalina
Priority: Critical
Attachments: standalone-elytron.xml
I don't see any behavior change, when I set standard java.security.krb5.* system
properties. Trying to set properties in both ways:
* command line
{code}
-Djava.security.krb5.conf=/unreal/path -Djava.security.krb5.debug=true
-Djava.security.krb5.kdc=wrong.kdc -Djava.security.krb5.realm=REDHAT.COM
{code}
* standalone.xml
{code}
<property name="java.security.krb5.conf"
value="/etc/krb5.confBUG"/>
<property name="java.security.krb5.kdc"
value="localhost.localhostBUG"/>
<property name="java.security.krb5.realm"
value="JBOSS.ORGBUG"/>
<property name="java.security.krb5.debug"
value="true"/>
{code}
Biggest problem as I see is user is unable to change {{krb5.conf}} location. In legacy
security solution it was possible.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)