[jboss-jira] [JBoss JIRA] (ELY-1592) CLI + Kerberos authentication fails in CD13

Darran Lofthouse (JIRA) issues at jboss.org
Thu May 24 07:49:00 EDT 2018 

    [ https://issues.jboss.org/browse/ELY-1592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13581578#comment-13581578 ] 

Darran Lofthouse commented on ELY-1592:
---------------------------------------

Moved back as an ELY issue, rather than adding mew module dependencies all over the place instead the SASL mechanism can ensure the correct class loader is in use for all calls to initSecContext.

> CLI + Kerberos authentication fails in CD13
> -------------------------------------------
>
>                 Key: ELY-1592
>                 URL: https://issues.jboss.org/browse/ELY-1592
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>    Affects Versions: 1.2.4.Final
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>             Fix For: 1.2.5.CR1
>
>         Attachments: jboss-cli-CD12.log, jboss-cli-CD13.log, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD12.txt, org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD13.txt
>
>
> Use case: Administrator wants to connect to CLI using kerberos ticket. It is not possible in CD13 with error
> {code}
> Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]
> {code}
> Attaching logs of server and client for CD12 (OK) and CD13 (NOK)
> In server log there is missing message {{Server received authentication request}} so it makes me think problem is on client side.
> Comparing client logs there is difference
> * CD13
> {code}
> 11:32:58,924 TRACE [org.jboss.remoting.remote.client] Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]
> {code}
> * CD12 
> compared to CD12
> {code}
> 11:31:16,946 TRACE [org.wildfly.security.sasl.gssapi] GSSContext established, transitioning to negotiate security layer.
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list