opennms uses smack for xmpp notifications. ejabberd insists on using sasl if the client sends the version "1.0", see http://www.ejabberd.im/node/3203 The Centos version of ejabberd comes with the gssapi mech, and it's always announced, no way to disable it in the ejabberd configuration. All mechs are enable in smack and so opennms tries to use gssapi, which fails with the exception below. I would like to disable/enable mechs in the configuration file of opennms, etc/xmpp-configuration.properties XMPPNotificationManager would use the smack methods SASLAuthentication.register and unregister to configure the mechs.
----------
java.lang.SecurityException: gss.conf (No such file or directory) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at javax.security.auth.login.Configuration$3.run(Configuration.java:247) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242) at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:47) at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:45) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.LoginConfigImpl.<init>(LoginConfigImpl.java:44) at sun.security.jgss.GSSUtil.login(GSSUtil.java:244) at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136) at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172) at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175) at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117) at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86) at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:230) at org.opennms.netmgt.notifd.XMPPNotificationManager.login(XMPPNotificationManager.java:229) at org.opennms.netmgt.notifd.XMPPNotificationManager.connectToServer(XMPPNotificationManager.java:208) at org.opennms.netmgt.notifd.XMPPNotificationManager.<init>(XMPPNotificationManager.java:190) at org.opennms.netmgt.notifd.XMPPNotificationManager.getInstance(XMPPNotificationManager.java:247) at org.opennms.netmgt.notifd.XMPPNotificationStrategy.send(XMPPNotificationStrategy.java:136) at org.opennms.netmgt.notifd.ClassExecutor.execute(ClassExecutor.java:71) at org.opennms.netmgt.notifd.NotificationTask.run(NotificationTask.java:282) Caused by: java.io.IOException: gss.conf (No such file or directory) at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:195) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) ... 36 more
Environment
CentOS 5, RPM. ejabberd Server
Acceptance / Success Criteria
None
Lucidchart Diagrams
Activity
Show:
Jesse White February 11, 2015 at 10:29 AM
Fixed with . Tested against ejabberd 2.1.11.
Benjamin Reed May 23, 2011 at 11:53 AM
Silly question, but as a workaround, does it work if you make a gss.conf in $OPENNMS_HOME/etc? It's in the classpath, so in theory it might find it.
opennms uses smack for xmpp notifications.
ejabberd insists on using sasl if the client sends the version "1.0", see http://www.ejabberd.im/node/3203
The Centos version of ejabberd comes with the gssapi mech, and it's always announced, no way to disable it in the ejabberd configuration.
All mechs are enable in smack and so opennms tries to use gssapi, which fails with the exception below.
I would like to disable/enable mechs in the configuration file of opennms, etc/xmpp-configuration.properties
XMPPNotificationManager would use the smack methods SASLAuthentication.register and unregister to configure the mechs.
---------- java.lang.SecurityException: gss.conf (No such file or directory)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:47)
at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:45)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.LoginConfigImpl.<init>(LoginConfigImpl.java:44)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:244)
at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:230)
at org.opennms.netmgt.notifd.XMPPNotificationManager.login(XMPPNotificationManager.java:229)
at org.opennms.netmgt.notifd.XMPPNotificationManager.connectToServer(XMPPNotificationManager.java:208)
at org.opennms.netmgt.notifd.XMPPNotificationManager.<init>(XMPPNotificationManager.java:190)
at org.opennms.netmgt.notifd.XMPPNotificationManager.getInstance(XMPPNotificationManager.java:247)
at org.opennms.netmgt.notifd.XMPPNotificationStrategy.send(XMPPNotificationStrategy.java:136)
at org.opennms.netmgt.notifd.ClassExecutor.execute(ClassExecutor.java:71)
at org.opennms.netmgt.notifd.NotificationTask.run(NotificationTask.java:282)
Caused by: java.io.IOException: gss.conf (No such file or directory)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:195)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
... 36 more