[infinispan-issues] [JBoss JIRA] (ISPN-4298) HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager

RH Bugzilla Integration (JIRA) issues at jboss.org
Tue May 20 10:24:57 EDT 2014 

    [ https://issues.jboss.org/browse/ISPN-4298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12969083#comment-12969083 ] 

RH Bugzilla Integration commented on ISPN-4298:
-----------------------------------------------

Tristan Tarrant <ttarrant at redhat.com> changed the Status of [bug 1099054|https://bugzilla.redhat.com/show_bug.cgi?id=1099054] from NEW to ON_QA

> HotRod kerberos auth doesn't see the ticket when creating RemoteCachManager
> ---------------------------------------------------------------------------
>
>                 Key: ISPN-4298
>                 URL: https://issues.jboss.org/browse/ISPN-4298
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Server
>            Reporter: Vojtech Juranek
>            Assignee: Tristan Tarrant
>             Fix For: 7.0.0.Beta1
>
>
> When HR client obtains initial GSSAPI challenge (usually when creating {{RemoteCachManager}}), it fails with
> {noformat}
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
>         at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
>         at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:67)
>         at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
>         at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
>         at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
>         ... 109 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
>         at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
>         at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>         at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>         at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
>         ... 113 more
> {noformat}
> When the code is wrapped by {{PrivilegedExceptionAction}}, e.g.
> {code}
> final Configuration config = getRemoteCacheManagerConfig(subj);
> Subject.doAs(subj, new PrivilegedExceptionAction<Void>() {
>     public Void run() throws Exception {
>         remoteCacheManager = new RemoteCacheManager(config, true);
>         return null;
>     }
> });
> {code}
> everything works fine



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the infinispan-issues mailing list