[jboss-jira] [JBoss JIRA] (ELY-1541) local-kerberos CredentialSource does not work with IBM java
Jan Kalina (JIRA)
issues at jboss.org
Thu Apr 5 16:59:00 EDT 2018
[ https://issues.jboss.org/browse/ELY-1541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13556980#comment-13556980 ]
Jan Kalina commented on ELY-1541:
---------------------------------
Ok, I was wrong - we dont need any {{<local-kerberos>}} in elytron client. All you need to use kerberos as client is to use:
{code}
bin/jboss-cli.sh -c --no-local-auth -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.krb5.conf=/path/krb5.conf :whoami
{code}
For IBM it is sufficient to set KRB5CCNAME env variable before:
{code}
export KRB5CCNAME=FILE:/tmp/krb5cc_1000
{code}
This mean {{LocalKerberosCredentialSource}} should be removed (deprecated) from elytron, as it is redundant.
> local-kerberos CredentialSource does not work with IBM java
> -----------------------------------------------------------
>
> Key: ELY-1541
> URL: https://issues.jboss.org/browse/ELY-1541
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credentials
> Affects Versions: 1.2.3.Final
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: ibm-java
>
> When trying to connect as with Oracle JDK, following error occure:
> {code}
> Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: ELY05053: Callback handler failed for unknown reason: java.lang.reflect.UndeclaredThrowableException: org.ietf.jgss.GSSException, major code: 11, minor code: 0
> major string: General failure, unspecified at GSSAPI level
> minor string: Cannot get credential for principal default principal
> {code}
> -This is probably related to missing *useDefaultCcache* JAAS config (false by default):-
> https://www.ibm.com/support/knowledgecenter/en/SSYKE2_6.0.0/com.ibm.java.security.component.60.doc/security-component/jgssDocs/jaas_login_user.html
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list