CLI + Kerberos authentication fails in CD13 ------------------------------------------- Key: ELY-1592 URL: https://issues.jboss.org/browse/ELY-1592 Project: WildFly Elytron Issue Type: Bug Components: SASL Affects Versions: 1.3.2.Final Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Blocker Fix For: 1.3.3.CR1 Attachments: jboss-cli-CD12.log, jboss-cli-CD13.log, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD12.txt, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD13.txt Use case: Administrator wants to connect to CLI using kerberos ticket. It is not possible in CD13 with error {code} Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))] {code} Attaching logs of server and client for CD12 (OK) and CD13 (NOK) In server log there is missing message {{Server received authentication request}} so it makes me think problem is on client side. Comparing client logs there is difference * CD13 {code} 11:32:58,924 TRACE [org.jboss.remoting.remote.client] Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))] {code} * CD12 compared to CD12 {code} 11:31:16,946 TRACE [org.wildfly.security.sasl.gssapi] GSSContext established, transitioning to negotiate security layer. {code}