From: Leif M. <lei...@ta...> - 2009-03-07 03:40:17
Chris,

When it is failing to find the keyTab file, are you running as a service or in console mode? Please be sure to test in console mode. If that works but the service fails it will significantly narrow down the possibilities.

Another thing to try is to run once with the following property set:

wrapper.java.command.loglevel=INFO

This will cause the full generated Java command line to be written to the log. Copy this into a batch file and, important, remove the -Dwrapper.key parameter. You will then be able to run your application using the same settings as the Wrapper but without having the Wrapper in the equation. This mode was written as a sanity check so the Wrapper can be removed from the list of potential causes.

One common cause is running the wrong JVM. When you run from your run.bat, the JAVA_HOME or PATH may be finding a different java version than the wrapper. Setting the Java command to a known value will resolve this kind of problem.

wrapper.java.command=%JAVA_HOME%/bin/java

You should be able to see the exact JVM being run by looking at the above java command line.

Cheers,
Leif

On Sat, Mar 7, 2009 at 7:26 AM, Christopher Corbell <chr...@gm...> wrote:
> Has anyone used the magic combination of: wrapper (for Windows service),
> JBoss, and Kerberos/GSSAPI?
>
> What I'm finding is that when my (JBoss) service runs under wrapper, the
> Java GSSAPI code can't seem to load/validate the service's credentials. I'm
> using a local keyTab file exported from an ActiveDirectory KDC for the
> service credentials.
>
> When I do this with the standard JBoss run.bat (avoiding wrapper),
> everything works fine - the credential gets created and the
> acceptSecContext() call succeeds (meaning my service has been validated by
> the local keyTab file in conjunction with an ActiveDirectory KDC). The
> local absolute path to the keyTab is configured (along with other Kerberos
> login module properties) in the JBoss login-config.xml file.
>
> When I run the exact same code and configuration but run my service via
> wrapper, I get a "GSSException: no valid credentials provided" error. Most
> of the time I've seen this exception during credentials creation it's
> because the service can't find or resolve its keyTab file. Any reason the
> wrapper-launched service might fail to resolve an absolute path to a local
> keyTab file, or fail to read the file, when it works fine via straight
> launch of JBoss?
>
> I'm using JBoss 4.0.5 and wrapper 3.2.3. Thanks for any help.
>
> - Chris
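
Added example, not part of the original messages or of the Wrapper project: a Python helper for the sanity check described in the reply above. It takes a Java command line copied out of the log, drops every -Dwrapper.key argument, and reports which JVM the line launches so it can be compared with the expected JAVA_HOME. The function names, sample command line, paths and key value are constructed for illustration.

```python
import re

# One command-line token: runs of non-space text and/or double-quoted segments.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
_KEY_PREFIX = "-Dwrapper.key="


def split_command(line):
    """Split a logged Java command line into tokens, keeping the original quoting."""
    return _TOKEN.findall(line)


def standalone_command(line):
    """Return (jvm_path, command) with every -Dwrapper.key argument removed."""
    tokens = split_command(line.strip())
    if not tokens:
        raise ValueError("empty command line")
    # Compare on the unquoted form so "-Dwrapper.key=x" and -Dwrapper.key="x" both match.
    kept = [t for t in tokens if not t.replace('"', "").startswith(_KEY_PREFIX)]
    jvm = kept[0].replace('"', "")
    return jvm, " ".join(kept)


def same_jvm(jvm_path, expected_java_home):
    """True when the logged JVM is <expected_java_home>/bin/java (case and slash insensitive)."""
    def norm(path):
        return path.replace("\\", "/").rstrip("/").lower()
    return norm(jvm_path).startswith(norm(expected_java_home) + "/bin/java")


# Constructed sample of a command line copied from the log (paths and key are made up).
SAMPLE = (
    r'"C:\Program Files\Java\jre1.5.0_17\bin\java" -Xms128m '
    r'-Djava.library.path="../lib" -classpath "../lib/wrapper.jar;run.jar" '
    r'-Dwrapper.key="EXAMPLEKEY0000" -Dwrapper.port=32000 '
    r'org.tanukisoftware.wrapper.WrapperSimpleApp org.jboss.Main'
)

if __name__ == "__main__":
    jvm, cmd = standalone_command(SAMPLE)
    print("JVM in use:", jvm)
    print("Matches expected JAVA_HOME:",
          same_jvm(jvm, r"C:\Program Files\Java\jre1.5.0_17"))
    print(cmd)  # paste this line into the batch file
```
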