jgroups node authentication in cluster using kerberos - No CallbackHandler available to garner authentication information from the user
justcono Nov 4, 2017 1:34 PM
Hi Guys,
I haven't been able to get this configuration working for authenticating my node via kerberos. Any hints on this one? I get "No CallbackHandler available to garner authentication information from the user". Does this mean it can't find the principal? I'm not sure how far I'm into the handshake to know where to look next. Assistance is GREATLY appreciated!!
my config snippets:
<!-- JGroups stack excerpt; the "..." lines mark parts the poster left out. -->
<stack>
...
<!-- SASL protocol for node authentication, using the GSSAPI (Kerberos) mechanism.
     The login_module_name property names the security domain (krb-node0) that the
     protocol logs in to for its Kerberos credentials. In the stack trace in this post
     that login is the LoginContext.login call made from SASL.init while the channel is
     being created, so the failure is in the local login, not in an exchange with another node. -->
<sasl security-realm="ApplicationRealm" mech="GSSAPI">
<property name="login_module_name">krb-node0</property>
</sasl>
...
</stack>
<!-- Security domain that the sasl protocol's login_module_name property refers to.
     It performs the Kerberos login for this node from a keytab, with no user present. -->
<security-domain name="krb-node0" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="storeKey" value="true"/>
<!-- doNotPrompt=false lets Krb5LoginModule fall back to asking for a password through a
     CallbackHandler when it gets no usable key from the keytab. No handler is available
     here, which is the promptForPass frame and the "No CallbackHandler" message in the
     trace: the message is a symptom of the keytab lookup failing, not the cause.
     NOTE(review): for an unattended node "true" is the usual value, so that the login
     fails on the keytab problem directly; confirm against the product documentation. -->
<module-option name="doNotPrompt" value="false"/>
<module-option name="refreshKrb5Config" value="true"/>
<module-option name="useKeyTab" value="true"/>
<!-- The keytab holds the principal's long-term key. Anyone who can read the file can
     authenticate as this node, so keep it readable only by the account running the server. -->
<module-option name="keyTab" value="${jboss.domain.config.dir}/jgroups_node0_clustered.keytab"/>
<!-- The keytab is searched for a key that belongs to exactly this principal. The ktpass
     command in this post created jgroups/node0/clustered/if02.dev.net@DEV.NET, which is a
     different name; list the keytab entries (for example with klist -k) and compare. -->
<module-option name="principal" value="jgroups/node0/clustered@DEV.NET"/>
</login-module>
</authentication>
</security-domain>
On windows AD I created the principal with:
REM Creates a keytab for a service principal and maps the principal to an AD account.
REM NOTE(review): points to check against the login-module configuration in this post:
REM  - -princ is jgroups/node0/clustered/if02.dev.net@DEV.NET, while the login module is
REM    configured with jgroups/node0/clustered@DEV.NET; the two names must be identical.
REM  - -out writes c:\krb5.keytab, while the keyTab option points at
REM    jgroups_node0_clustered.keytab in the domain configuration directory; confirm that
REM    the file deployed there is this keytab.
REM  - +DesOnly with -crypto DES-CBC-MD5 produces a single-DES key. DES is weak, and Java
REM    skips weak encryption types by default (allow_weak_crypto in krb5.conf), so the key
REM    may not be usable at all; prefer an AES type such as -crypto AES256-SHA1 without +DesOnly.
REM  - -pass with a literal password leaves it in the command history; "-pass *" prompts instead.
ktpass -out c:\krb5.keytab -princ jgroups/node0/clustered/if02.dev.net@DEV.NET -pass password -mapuser if02$@dev.net -mapop set +answer +DesOnly -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST /kvno 2 -setupn
Exceptions:
[Server:prod1-s1] 13:26:14,737 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.datagrid-jgroups.channel.cluster: org.jboss.msc.service.StartException in service jboss.datagrid-jgroups.channel.cluster: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
[Server:prod1-s1] at org.infinispan.server.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:79)
[Server:prod1-s1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[Server:prod1-s1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[Server:prod1-s1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[Server:prod1-s1] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[Server:prod1-s1] at java.lang.Thread.run(Thread.java:748)
[Server:prod1-s1] Caused by: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
[Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:901)
[Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
[Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
[Server:prod1-s1] at org.jboss.security.negotiation.KerberosLoginModule.login(KerberosLoginModule.java:190)
[Server:prod1-s1] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[Server:prod1-s1] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[Server:prod1-s1] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[Server:prod1-s1] at java.lang.reflect.Method.invoke(Method.java:498)
[Server:prod1-s1] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
[Server:prod1-s1] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
[Server:prod1-s1] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
[Server:prod1-s1] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
[Server:prod1-s1] at java.security.AccessController.doPrivileged(Native Method)
[Server:prod1-s1] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[Server:prod1-s1] at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
[Server:prod1-s1] at org.jgroups.protocols.SASL.init(SASL.java:180)
[Server:prod1-s1] at org.infinispan.server.jgroups.JChannelFactory.createChannel(JChannelFactory.java:220)
[Server:prod1-s1] at org.infinispan.server.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:77)
[Server:prod1-s1] ... 5 more
[Server:prod1-s1]
[Server:prod1-s1] 13:26:14,753 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-infinispan-endpoint"),
[Server:prod1-s1] ("hotrod-connector" => "hotrod-connector")
[Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
[Server:prod1-s1] 13:26:14,755 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-infinispan-endpoint"),
[Server:prod1-s1] ("rest-connector" => "rest-connector")
[Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
[Server:prod1-s1] 13:26:14,757 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "datagrid-jgroups")]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
[Server:prod1-s1] 13:26:14,758 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-jgroups"),
[Server:prod1-s1] ("channel" => "cluster")
[Server:prod1-s1] ]) - failure description: {
[Server:prod1-s1] "WFLYCTL0080: Failed services" => {"jboss.datagrid-jgroups.channel.cluster" => "org.jboss.msc.service.StartException in service jboss.datagrid-jgroups.channel.cluster: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
[Server:prod1-s1] Caused by: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user"},
[Server:prod1-s1] "WFLYCTL0412: Required services that are not installed:" => ["jboss.datagrid-jgroups.channel.cluster"],
[Server:prod1-s1] "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
[Server:prod1-s1] }
[Server:prod1-s1] 13:26:14,760 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-infinispan"),
[Server:prod1-s1] ("cache-container" => "clustered")
[Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
[Server:prod1-s1] 13:26:14,775 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-infinispan"),
[Server:prod1-s1] ("cache-container" => "clustered"),
[Server:prod1-s1] ("distributed-cache" => "default")
[Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
[Server:prod1-s1] 13:26:14,776 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Server:prod1-s1] ("subsystem" => "datagrid-infinispan"),
[Server:prod1-s1] ("cache-container" => "clustered"),
[Server:prod1-s1] ("replicated-cache" => "repl")
[Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
Thanks
cd