[infinispan-issues] [JBoss JIRA] (ISPN-4298) HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager

Galder ZamarreƱo (JIRA) issues at jboss.org
Tue May 20 03:20:56 EDT 2014 

     [ https://issues.jboss.org/browse/ISPN-4298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Galder ZamarreƱo updated ISPN-4298:
-----------------------------------

           Status: Resolved  (was: Pull Request Sent)
    Fix Version/s: 7.0.0.Beta1
       Resolution: Done


> HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager
> ---------------------------------------------------------------------------
>
>                 Key: ISPN-4298
>                 URL: https://issues.jboss.org/browse/ISPN-4298
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Server
>            Reporter: Vojtech Juranek
>            Assignee: Tristan Tarrant
>             Fix For: 7.0.0.Beta1
>
>
> When HR client obtains initial GSSAPI challenge (usually when creating {{RemoteCachManager}}), it fails with
> {noformat}
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
>         at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
>         at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:67)
>         at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
>         at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
>         at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
>         ... 109 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
>         at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
>         at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>         at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>         at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
>         ... 113 more
> {noformat}
> When the code is wrapped by {{PrivilegedExceptionAction}}, e.g.
> {code}
> final Configuration config = getRemoteCacheManagerConfig(subj);
> Subject.doAs(subj, new PrivilegedExceptionAction<Void>() {
>     public Void run() throws Exception {
>         remoteCacheManager = new RemoteCacheManager(config, true);
>         return null;
>     }
> });
> {code}
> everything works fine



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the infinispan-issues mailing list