[jboss-jira] [JBoss JIRA] (WFLY-7334) Elytron kerberos implementation ignore java.security.krb5.* system properties

Martin Choma (JIRA) issues at jboss.org
Thu Oct 20 06:59:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13309723#comment-13309723 ] 

Martin Choma commented on WFLY-7334:
------------------------------------

I have attached {{standalone-elytron.xml}}, for which I don't see Java Kerberos debug messages, even if I start WildFly with {code}./standalone.sh -Djava.security.krb5.debug=true{code}.

The only way I can get debug messages in the log:

{code}
12:34:22,641 INFO  [stdout] (default task-1) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/tasks/20161017_elytron_kerberos/jboss_server_base_dir_eap7/configuration/http.keytab refreshKrb5Config is false principal is HTTP/localhost.localdomain@JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
12:34:22,643 INFO  [stdout] (default task-1) principal is HTTP/localhost.localdomain@JBOSS.ORG
12:34:22,643 INFO  [stdout] (default task-1) Will use keytab
12:34:22,644 INFO  [stdout] (default task-1) Commit Succeeded 
12:34:22,644 INFO  [stdout] (default task-1) 
{code}

is to set the {{debug}} attribute of {{kerberos-security-factory}} to true.

> Elytron kerberos implementation ignore java.security.krb5.* system properties
> -----------------------------------------------------------------------------
>
>                 Key: WFLY-7334
>                 URL: https://issues.jboss.org/browse/WFLY-7334
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Martin Choma
>            Assignee: Jan Kalina
>            Priority: Critical
>         Attachments: standalone-elytron.xml
>
>
> I don't see any behavior change when I set the standard java.security.krb5.* system properties. Trying to set the properties in both ways:
> * command line
> {code} 
> -Djava.security.krb5.conf=/unreal/path  -Djava.security.krb5.debug=true -Djava.security.krb5.kdc=wrong.kdc -Djava.security.krb5.realm=REDHAT.COM
> {code}
> * standalone.xml
> {code}
>         <property name="java.security.krb5.conf" value="/etc/krb5.confBUG"/>
>         <property name="java.security.krb5.kdc" value="localhost.localhostBUG"/>
>         <property name="java.security.krb5.realm" value="JBOSS.ORGBUG"/>
>         <property name="java.security.krb5.debug" value="true"/>
> {code}
> The biggest problem as I see it is that the user is unable to change the {{krb5.conf}} location. In the legacy security solution it was possible.


