[jboss-jira] [JBoss JIRA] (WFCORE-3881) CLI + Kerberos authentication fails in CD13

Darran Lofthouse (JIRA) issues at jboss.org
Thu May 24 07:13:00 EDT 2018 

     [ https://issues.jboss.org/browse/WFCORE-3881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved ELY-1590 to WFCORE-3881:
-----------------------------------------------

              Project: WildFly Core  (was: WildFly Elytron)
                  Key: WFCORE-3881  (was: ELY-1590)
          Component/s: Security
                           (was: SASL)
    Affects Version/s: 5.0.0.Beta4
                           (was: 1.3.2.Final)
        Fix Version/s: 5.0.0.Beta5
                           (was: 1.3.3.CR1)


> CLI + Kerberos authentication fails in CD13
> -------------------------------------------
>
>                 Key: WFCORE-3881
>                 URL: https://issues.jboss.org/browse/WFCORE-3881
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 5.0.0.Beta4
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>             Fix For: 5.0.0.Beta5
>
>         Attachments: jboss-cli-CD12.log, jboss-cli-CD13.log, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD12.txt, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD13.txt
>
>
> Use case: Administrator wants to connect to CLI using kerberos ticket. It is not possible in CD13 with error
> {code}
> Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]
> {code}
> Attaching logs of server and client for CD12 (OK) and CD13 (NOK)
> In server log there is missing message {{Server received authentication request}} so it makes me think problem is on client side.
> Comparing client logs there is difference
> * CD13
> {code}
> 11:32:58,924 TRACE [org.jboss.remoting.remote.client] Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]
> {code}
> * CD12 
> compared to CD12
> {code}
> 11:31:16,946 TRACE [org.wildfly.security.sasl.gssapi] GSSContext established, transitioning to negotiate security layer.
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list