Menu
▾
▴
[Wrapper-user] JBoss + Windows: service GSSAPI+Kerberos won't work for me with wrapper
|
From: Christopher C. <chr...@gm...> - 2009-03-06 22:26:21
|
Has anyone used the magic compination of: wrapper (for Windows service), JBoss, and Kerberos/GSSAPI? What I'm finding is that when my (JBoss) service runs under wrapper, the Java GSSAPI code can't seem to load/validate the service's credentials. I'm using a local keyTab file exported from an ActiveDirectory KDC for the service credentials. When I do this with the standard JBoss run.bat (avoiding wrapper), everything works fine - the credential gets created and the acceptSecContext() call succeeds (meaning my service has been validated by the local keyTab file in conjunction with an ActiveDirectory KDC). The local absolute path to the keyTab is configured (along with other Kerberos login module properties) in the JBoss login-config.xml file. When I run the exact same code and configuration but run my service via wrapper, I get a "GSSException: no valid credentails provided" error. Most of the time I've seen this exception during credentials creation it's because the service can't find or resolve its keyTab file. Any reason the wrapper-launched service might fail to resolve an absolute path to a local keyTab file, or fail to read the file, when it works fine via straight launch of JBoss? I'm using JBoss 4.0.5 and wrapper 3.2.3. Thanks for any help. - Chris |
