[infinispan-issues] [JBoss JIRA] (ISPN-4224) Kerberos auth IT fails on JDK8

Gustavo Fernandes (JIRA) issues at jboss.org
Wed May 28 11:57:16 EDT 2014 

    [ https://issues.jboss.org/browse/ISPN-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12971334#comment-12971334 ] 

Gustavo Fernandes commented on ISPN-4224:
-----------------------------------------

I have failures both in jdk1.7 and 1.8.
The test fails during authentication because the Kerberos server has no knowledge of the "Realm" or "KDC" (at least in my environment)

>From the embedded Apache Directory Server logs:
{code}
Caused by: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Cannot locate default realm)]
	at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:113)
	at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslServer(FactoryImpl.java:85)
	at javax.security.sasl.Sasl.createSaslServer(Sasl.java:509)
	at org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler$1.run(GssapiMechanismHandler.java:78)
	at org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler$1.run(GssapiMechanismHandler.java:75)
	... 19 more
Caused by: GSSException: Invalid name provided (Mechanism level: Cannot locate default realm)
	at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:127)
	at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95)
	at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:202)
	at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
	at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
	at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
	at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
	at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:93)
	... 23 more
{code} 

I've created a pull request that solve the issue for me, please take a look if it works for you in both 1.7 and 1.8

> Kerberos auth IT fails on JDK8
> ------------------------------
>
>                 Key: ISPN-4224
>                 URL: https://issues.jboss.org/browse/ISPN-4224
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Test Suite - Core
>            Reporter: Vojtech Juranek
>            Assignee: Vojtech Juranek
>
> [Kerberos auth integration test|https://github.com/infinispan/infinispan/blob/master/integrationtests/security-it/src/test/java/org/infinispan/test/integration/security/embedded/KrbLdapAuthenticationIT.java] passes on JDK7, but fails on JDK8 with 
> {noformat}
> Caused by: javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.b5efb5d4-0f0d-448f-b60f-e8bd15023ebd.war:main" from Service Module Loader [Root exception is javax.naming.CommunicationException: Request: 1 cancelled]
>      at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
>      at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
>      at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
>      at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)
>      at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
>      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
>      at javax.naming.InitialContext.init(InitialContext.java:242)
>      at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
>      at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:431)
>      ... 109 more
>  Caused by: javax.naming.CommunicationException: Request: 1 cancelled
>      at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:105)
>      at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
>      at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:364)
>      at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:126)
>      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:235)
>      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
>      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
>      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
>      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
>      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
>      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
>      at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
>      ... 118 more
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the infinispan-issues mailing list