Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1592

CLI + Kerberos authentication fails in CD13

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 1.3.3.Final
    • 1.3.2.Final
    • SASL
    • None

      Use case: Administrator wants to connect to CLI using kerberos ticket. It is not possible in CD13 with error

      Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

      Attaching logs of server and client for CD12 (OK) and CD13 (NOK)

      In server log there is missing message Server received authentication request so it makes me think problem is on client side.

      Comparing client logs there is difference

      • CD13 
        11:32:58,924 TRACE [org.jboss.remoting.remote.client] Client authentication failed: javax.security.sasl.SaslException: ELY05108: Unable to create response token [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]
      • CD12
        compared to CD12 
        11:31:16,946 TRACE [org.wildfly.security.sasl.gssapi] GSSContext established, transitioning to negotiate security layer.

        1. jboss-cli-CD12.log
          55 kB
        2. jboss-cli-CD13.log
          48 kB
        3. org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD13.txt
          433 kB
        4. org.jboss.eapqe.krbldap.eap71.tests.krb.mgmt.KerberosCLIGssapiTestCase-output-CD12.txt
          491 kB

            darran.lofthouse@redhat.com Darran Lofthouse
            mchoma@redhat.com Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: