Elytron error message less comprehensive in jdk9 compared to jdk8 ----------------------------------------------------------------- Key: WFCORE-3639 URL: https://issues.jboss.org/browse/WFCORE-3639 Project: WildFly Core Issue Type: Bug Components: CLI Affects Versions: 4.0.0.Beta1 Reporter: Martin Choma Assignee: Jean-Francois Denise Priority: Major I like jdk8 error message where there is obvious GS2-KRB5 has been attempted but failed for some reason, PLAIN has been attempted, but failed for some reason. {code:title=jdk8} Failed to connect to the controller: Unable to authenticate against controller at localhost:9993: Authentication failed: all available authentication mechanisms failed: GS2-KRB5: javax.security.sasl.SaslException: GS2-KRB5: Server rejected authentication PLAIN: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: Failed to read username: Invalid Usage. Prompt attempted in non-interactive mode. Please check commands or change CLI mode.] {code} Whereas in jdk9 error message hides the fact GS2-KRB5 was attempted and just prints error for PLAIN mechanism, but does not mention explicitely it is PLAIN mechanism {code:title=jdk9} Failed to connect to the controller: Unable to authenticate against controller at localhost:9993: Cannot get password: Failed to read username: Invalid Usage. Prompt attempted in non-interactive mode. Please check commands or change CLI mode. {code} This is general question, but I have hit this with this specific use case: 1. server is configured to use GS2-KRB5 and PLAIN 2. server is configured with TLS 3. client is configured to use GS2-KRB5 4. expectation is authentication should be not successful because channel binding GS2-KRB5-PLUS should be used.