  1. Service Packs and Hot Fixes
  2. MNT-1087

CIFS Kerberos authentication does not work with Websphere

    Details

    • Type: Service Pack Request
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 3.3.2
    • Fix Version/s: 3.4.2
    • Labels:
      None
    • Environment:
      linux+websphere+mysql
    • Bug Priority:
      Category 2
    • ACT Numbers:

      22236 25311

      Description

      CIFS Kerberos authentication does not work with IBM java
      This may be just a documentation bug but is probably a genuine bug.

      How to reproduce?
      ==================
      1) build a 3.3.2 system (linux+tomcat+mysql) with kerberos auth and Websphere

      The documentation documents only the Sun JVM setup.
      Research on the Internet shows that the configuration steps should probably be like (please have engineering validate this):

      In the file JRE\lib\security\java.security, add the following line:

      login.config.url.1=file:${java.home}/lib/security/java.login.config

      In jre/lib/security, create a file:
      java.login.config
      ------------------------
      Alfresco {
          com.ibm.security.auth.module.Krb5LoginModule sufficient;
      };

      AlfrescoCIFS {
          com.ibm.security.auth.module.Krb5LoginModule required
              debug=true
              credsType=acceptor
              useKeyTab="file:///etc/keys/alfrescocifs.keytab"
              principal="cifs/madona.example.foo";
      };

      AlfrescoHTTP {
          com.ibm.security.auth.module.Krb5LoginModule required
              debug=true
              credsType=acceptor
              useKeytab="file:///etc/keys/alfrescohttp.keytab"
              principal="HTTP/madona.example.foo";
      };

      com.sun.net.ssl.client {
          com.ibm.security.auth.module.Krb5LoginModule sufficient;
      };

      other {
          com.ibm.security.auth.module.Krb5LoginModule sufficient;
      };
      --------------

      2) boot alfresco

      Result:
      ======
      Only HTTP kerberos works.
      CIFS kerberos fails with:

      16:02:04,834 ERROR [smb.protocol.auth] CIFS Kerberos authenticator error
      javax.security.auth.login.LoginException: Bad JAAS configuration: unrecognized option: useKeyTab

      full stack attached as alfresco_logs_alex.txt

      Expected result:
      ================
      Kerberos CIFS works with IBM java as it is in the supported stacks.
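
The config in the description spells the keytab option two ways for the same login module class (`useKeyTab` in AlfrescoCIFS, `useKeytab` in AlfrescoHTTP), and the reported exception names the first spelling. As an added example (not part of the original report, and not Alfresco or IBM code), this Python script parses a JAAS login config and reports option names that differ only by letter case between entries using the same module class; the function names are hypothetical and the sample is constructed from the config above.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the config in the description.
SAMPLE = '''
Alfresco { com.ibm.security.auth.module.Krb5LoginModule sufficient; };
AlfrescoCIFS { com.ibm.security.auth.module.Krb5LoginModule required debug=true
    credsType=acceptor useKeyTab="file:///etc/keys/alfrescocifs.keytab"
    principal="cifs/madona.example.foo"; };
AlfrescoHTTP { com.ibm.security.auth.module.Krb5LoginModule required debug=true
    credsType=acceptor useKeytab="file:///etc/keys/alfrescohttp.keytab"
    principal="HTTP/madona.example.foo"; };
'''

ENTRY = re.compile(r'([\w.]+)\s*\{(.*?)\}\s*;', re.S)
MODULE = re.compile(
    r'([\w.$]+)\s+(required|requisite|sufficient|optional)\b([^;]*);', re.S)
OPTION = re.compile(r'([\w.]+)\s*=\s*("[^"]*"|\S+)')

def parse_jaas(text):
    """Return [(entry, module_class, flag, {option: value})] from a JAAS login config."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # strip /* ... */ comments
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)   # strip // comment lines
    out = []
    for name, body in ENTRY.findall(text):
        for cls, flag, opts in MODULE.findall(body):
            options = {k: v.strip('"') for k, v in OPTION.findall(opts)}
            out.append((name, cls, flag, options))
    return out

def case_variants(entries):
    """Map module class -> {lowercased option: {spelling: [entry names]}} for
    options whose names differ only by letter case between entries."""
    seen = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for name, cls, _flag, options in entries:
        for opt in options:
            seen[cls][opt.lower()][opt].append(name)
    report = {}
    for cls, opts in seen.items():
        clashes = {low: dict(sp) for low, sp in opts.items() if len(sp) > 1}
        if clashes:
            report[cls] = clashes
    return report

if __name__ == "__main__":
    for cls, opts in case_variants(parse_jaas(SAMPLE)).items():
        for spellings in opts.values():
            for spelling, names in spellings.items():
                print(f"{cls}: '{spelling}' used in {', '.join(names)}")
```

Which spelling a given login module accepts has to be checked against that JVM vendor's documentation; the script only shows where the entries disagree.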

                People

                • Assignee:
                  closedbugs Closed Bugs (Inactive)
                  Reporter:
                  amadon Alex Madon [X] (Inactive)