Datasource Configured with Kerberos
khoying Oct 31, 2014 3:07 PM
I am having a very difficult time getting a Datasource configured to use Kerberos for authentication. I am sure I am doing something simple wrong, as I am new to this type of configuration. Any help would be GREATLY appreciated!!
My Datasource Configuration looks like:
<datasource jndi-name="java:/tpvHive5" pool-name="tpvHive5" enabled="true" use-java-context="true">
    <connection-url>jdbc:impala://server:25003/;AuthMech=1;KerbRealm=CORP.COMPANY.COM;KrbHostFQDN=server;KrbServiceName=impala</connection-url>
    <driver>hive5</driver>
    <security>
        <security-domain>tpv-hive</security-domain>
    </security>
    <validation>
        <check-valid-connection-sql>show databases</check-valid-connection-sql>
        <background-validation>true</background-validation>
        <background-validation-millis>5000</background-validation-millis>
    </validation>
</datasource>
My Security Domain Configuration looks like:
<security-domain name="tpv-hive" cache-type="default">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required" module="org.jboss.security.negotiation">
            <module-option name="storeKey" value="true"/>
            <module-option name="userKeyTab" value="true"/>
            <module-option name="principal" value="user@CORP.COMPANY.COM"/>
            <module-option name="keyTab" value="/Servers/jboss-eap-6.1/modules/org/apache/hive5/main/user.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="useTicketCache" value="true"/>
            <module-option name="ticketCache" value="/tmp/krb"/>
            <module-option name="refreshKrb5Config" value="true"/>
            <module-option name="isInitiator" value="true"/>
            <module-option name="delegationCredential" value="USE"/>
            <module-option name="addGSSCredential" value="true"/>
        </login-module>
    </authentication>
</security-domain>
I am getting the following error:
ERROR [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (HttpManagementService-threads - 2) IJ000614: Exception during createSubject() PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
    at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
When I debug and set a breakpoint on the next exception, I notice that the principal is null and I suspect that is why the error is occurring. It is line 84. Here is the source code: http://grepcode.com/file/repo1.maven.org/maven2/org.picketbox/jbosssx/4.0.17.Final/org/jboss/security/plugins/JBossSecuritySubjectFactory.java?av=f
I suspect that I am doing something silly here that is probably obvious to someone more versed in this.
Thank you!