[infinispan-issues] [JBoss JIRA] (ISPN-4397) HR server is not able to connect to KDC server
Vojtech Juranek (JIRA)
issues at jboss.org
Thu Jun 12 09:33:39 EDT 2014
Vojtech Juranek created ISPN-4397:
-------------------------------------
Summary: HR server is not able to connect to KDC server
Key: ISPN-4397
URL: https://issues.jboss.org/browse/ISPN-4397
Project: Infinispan
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
After upgrade to WildFly 8.1 (commit [2eb84c2824d82530e508b2063409b1d22225772d|https://github.com/infinispan/infinispan/commit/2eb84c2824d82530e508b2063409b1d22225772d]), HotRod server endpoint is not able to connect to KDC server (when kerberos sasl server-context-name name is specified) and startup teh the HR server fails with
{noformat}
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763) [rt.jar:1.7.0_45]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_45]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_45]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_45]
at org.infinispan.server.endpoint.subsystem.ProtocolServerService.getServerSubject(ProtocolServerService.java:235)
at org.infinispan.server.endpoint.subsystem.ProtocolServerService.start(ProtocolServerService.java:126)
... 5 more
Caused by: KrbException: Cannot locate KDC
at sun.security.krb5.Config.getKDCList(Config.java:1236) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:210) [rt.jar:1.7.0_45]
at sun.security.krb5.KdcComm.send(KdcComm.java:191) [rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319) [rt.jar:1.7.0_45]
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364) [rt.jar:1.7.0_45]
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735) [rt.jar:1.7.0_45]
... 19 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm INFINISPAN.ORG
at sun.security.krb5.Config.getKDCFromDNS(Config.java:1333) [rt.jar:1.7.0_45]
at sun.security.krb5.Config.getKDCList(Config.java:1209) [rt.jar:1.7.0_45]
... 24 more
{noformat}
In this case KDC run on port 6088 and it's very likely (more in-depth investigation is needed), that krb client used by server ignores path to krb setup (env. var {{java.security.krb5.conf}}) and tried to connect to port 88. This seems to be a bug in WildFly 8.1.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the infinispan-issues
mailing list