0 Replies Latest reply on Nov 4, 2017 1:34 PM by justcono

    jgroups node authentication in cluster using kerberos - No CallbackHandler available to garner authentication information from the user

    justcono

      Hi Guys,

      I haven't been able to get this configuration working for authenticating my node via Kerberos. Any hints on this one? I get "No CallbackHandler available to garner authentication information from the user". Does this mean it can't find the principal? I'm not sure how far I'm into the handshake to know where to look next. Assistance is GREATLY appreciated!!

      my config snippets:

      <stack>
      ...
          <sasl security-realm="ApplicationRealm" mech="GSSAPI">
              <property name="login_module_name">krb-node0</property>
          </sasl>
      ...
      </stack>

      <security-domain name="krb-node0" cache-type="default">
          <authentication>
              <login-module code="Kerberos" flag="required">
                  <module-option name="storeKey" value="true"/>
                  <module-option name="doNotPrompt" value="false"/>
                  <module-option name="refreshKrb5Config" value="true"/>
                  <module-option name="useKeyTab" value="true"/>
                  <module-option name="keyTab" value="${jboss.domain.config.dir}/jgroups_node0_clustered.keytab"/>
                  <module-option name="principal" value="jgroups/node0/clustered@DEV.NET"/>
              </login-module>
          </authentication>
      </security-domain>

      On Windows AD I created the principal with:

      ktpass -out c:\krb5.keytab -princ jgroups/node0/clustered/if02.dev.net@DEV.NET -pass password -mapuser if02$@dev.net -mapop set +answer +DesOnly -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST /kvno 2 -setupn

      Exceptions:

      [Server:prod1-s1] 13:26:14,737 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.datagrid-jgroups.channel.cluster: org.jboss.msc.service.StartException in service jboss.datagrid-jgroups.channel.cluster: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
      [Server:prod1-s1] at org.infinispan.server.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:79)
      [Server:prod1-s1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
      [Server:prod1-s1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
      [Server:prod1-s1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [Server:prod1-s1] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [Server:prod1-s1] at java.lang.Thread.run(Thread.java:748)
      [Server:prod1-s1] Caused by: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
      [Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:901)
      [Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
      [Server:prod1-s1] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
      [Server:prod1-s1] at org.jboss.security.negotiation.KerberosLoginModule.login(KerberosLoginModule.java:190)
      [Server:prod1-s1] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      [Server:prod1-s1] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      [Server:prod1-s1] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      [Server:prod1-s1] at java.lang.reflect.Method.invoke(Method.java:498)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
      [Server:prod1-s1] at java.security.AccessController.doPrivileged(Native Method)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      [Server:prod1-s1] at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
      [Server:prod1-s1] at org.jgroups.protocols.SASL.init(SASL.java:180)
      [Server:prod1-s1] at org.infinispan.server.jgroups.JChannelFactory.createChannel(JChannelFactory.java:220)
      [Server:prod1-s1] at org.infinispan.server.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:77)
      [Server:prod1-s1] ... 5 more
      [Server:prod1-s1]
      [Server:prod1-s1] 13:26:14,753 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-infinispan-endpoint"),
      [Server:prod1-s1]     ("hotrod-connector" => "hotrod-connector")
      [Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      [Server:prod1-s1] 13:26:14,755 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-infinispan-endpoint"),
      [Server:prod1-s1]     ("rest-connector" => "rest-connector")
      [Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      [Server:prod1-s1] 13:26:14,757 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "datagrid-jgroups")]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      [Server:prod1-s1] 13:26:14,758 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-jgroups"),
      [Server:prod1-s1]     ("channel" => "cluster")
      [Server:prod1-s1] ]) - failure description: {
      [Server:prod1-s1]     "WFLYCTL0080: Failed services" => {"jboss.datagrid-jgroups.channel.cluster" => "org.jboss.msc.service.StartException in service jboss.datagrid-jgroups.channel.cluster: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
      [Server:prod1-s1]     Caused by: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user"},
      [Server:prod1-s1]     "WFLYCTL0412: Required services that are not installed:" => ["jboss.datagrid-jgroups.channel.cluster"],
      [Server:prod1-s1]     "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
      [Server:prod1-s1] }
      [Server:prod1-s1] 13:26:14,760 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-infinispan"),
      [Server:prod1-s1]     ("cache-container" => "clustered")
      [Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      [Server:prod1-s1] 13:26:14,775 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-infinispan"),
      [Server:prod1-s1]     ("cache-container" => "clustered"),
      [Server:prod1-s1]     ("distributed-cache" => "default")
      [Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      [Server:prod1-s1] 13:26:14,776 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Server:prod1-s1]     ("subsystem" => "datagrid-infinispan"),
      [Server:prod1-s1]     ("cache-container" => "clustered"),
      [Server:prod1-s1]     ("replicated-cache" => "repl")
      [Server:prod1-s1] ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}

      Thanks

      cd
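
Added example, not part of the original post: the stack trace above ends in Krb5LoginModule.promptForPass, the path the JDK module takes when useKeyTab=true yields no key for the configured principal and doNotPrompt is false, so this Python sketch cross-checks the posted security-domain against the posted ktpass command (both trimmed, password omitted). The function names and finding labels are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: security-domain and ktpass command as posted (trimmed).
SECURITY_DOMAIN = """
<security-domain name="krb-node0" cache-type="default">
  <authentication>
    <login-module code="Kerberos" flag="required">
      <module-option name="doNotPrompt" value="false"/>
      <module-option name="useKeyTab" value="true"/>
      <module-option name="keyTab" value="${jboss.domain.config.dir}/jgroups_node0_clustered.keytab"/>
      <module-option name="principal" value="jgroups/node0/clustered@DEV.NET"/>
    </login-module>
  </authentication>
</security-domain>
"""
KTPASS = (r"ktpass -out c:\krb5.keytab -princ jgroups/node0/clustered/if02.dev.net@DEV.NET "
          r"-mapuser if02$@dev.net -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST")

def module_options(xml_text):
    """Map each <module-option> name to its value."""
    return {o.get("name"): o.get("value")
            for o in ET.fromstring(xml_text).iter("module-option")}

def ktpass_args(cmd):
    """Pair each -flag or /flag with the value token that follows it."""
    toks = cmd.split()
    return {t.lstrip("-/").lower(): v for t, v in zip(toks, toks[1:])
            if t[0] in "-/" and v[0] not in "-+/"}

def basename(path):
    """Last path component, accepting both / and \\ separators."""
    return re.split(r"[\\/]", path or "")[-1]

def audit(xml_text, ktpass_cmd):
    """Return labels for mismatches between the JAAS options and the keytab export."""
    opts, kt = module_options(xml_text), ktpass_args(ktpass_cmd)
    findings = []
    if opts.get("principal") != kt.get("princ"):
        findings.append("principal-mismatch")       # no key under this name in the keytab
    if basename(opts.get("keyTab")) != basename(kt.get("out")):
        findings.append("keytab-filename-differs")  # confirm the right file was deployed
    if opts.get("useKeyTab") == "true" and opts.get("doNotPrompt") != "true":
        findings.append("prompt-fallback-enabled")  # keytab failure becomes a password prompt
    if kt.get("crypto", "").upper().startswith("DES-"):
        findings.append("weak-enctype")             # single-DES key
    return findings

if __name__ == "__main__":
    for finding in audit(SECURITY_DOMAIN, KTPASS):
        print(finding)
```

A differing keytab filename is only a prompt to confirm which file was copied to the server, since the file may have been renamed after export.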