[infinispan-issues] [JBoss JIRA] (ISPN-4298) HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager

Vojtech Juranek (JIRA) issues at jboss.org
Mon May 19 06:54:56 EDT 2014 

Vojtech Juranek created ISPN-4298:
-------------------------------------

             Summary: HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager
                 Key: ISPN-4298
                 URL: https://issues.jboss.org/browse/ISPN-4298
             Project: Infinispan
          Issue Type: Bug
          Components: Server
            Reporter: Vojtech Juranek
            Assignee: Mircea Markus


When HR client obtains initial GSSAPI challenge (usually when creating {{RemoteCachManager}}), it fails with
{noformat}
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
        at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:67)
        at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
        at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
        at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
        ... 109 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
        ... 113 more
{noformat}

When the code is wrapped by {{PrivilegedExceptionAction}}, e.g.
{code}
final Configuration config = getRemoteCacheManagerConfig(subj);
Subject.doAs(subj, new PrivilegedExceptionAction<Void>() {
    public Void run() throws Exception {
        remoteCacheManager = new RemoteCacheManager(config, true);
        return null;
    }
});
{code}
everything works fine



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the infinispan-issues mailing list