[jboss-jira] [JBoss JIRA] (WFCORE-2931) Regression in DR19, Elytron unable to authenticate with kerberos using jboss-cli

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 7 06:28:02 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFCORE-2931.
--------------------------------------
    Fix Version/s: 3.0.0.Beta29
       Resolution: Done


> Regression in DR19, Elytron unable to authenticate with kerberos using jboss-cli
> --------------------------------------------------------------------------------
>
>                 Key: WFCORE-2931
>                 URL: https://issues.jboss.org/browse/WFCORE-2931
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>             Fix For: 3.0.0.Beta29
>
>
> Trying to connect with jboss-cli to server using kerberos leads to error 
> {code}
> 14:41:22,654 TRACE [org.wildfly.security.sasl.gssapi.server] (management task-7) Client selected security layer AUTH, with maxBuffer of 65536
> 14:41:22,655 TRACE [org.jboss.remoting.remote.server] (management task-7) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05123: [GSSAPI] No security layer selected but message length received
> 	at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:245)
> 	at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> 	at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateResponse(GssapiServer.java:121)
> 	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> 	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> 	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
> 	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
> 	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
> 	at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:470)
> 	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:902)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> {code}
> Error message is little bit confusing as previous log message claims AUTH security layer is selected.
> Looking into code does not reveal meaning to me neither.
> {code:java|title=GssapiServer.java}
> 	log.tracef("Client selected security layer %s, with maxBuffer of %d", selectedQop, maxBuffer);
> 	if (relaxComplianceChecks == false && selectedQop == QOP.AUTH && maxBuffer != 0) {
> 	    throw log.mechNoSecurityLayerButLengthReceived(getMechanismName()).toSaslException();
> 	}
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list