Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-4619

XMPP: Make SASL mechanism configurable

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.7
    • Fix Version/s: 16.0.0
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Environment:
      CentOS 5, RPM. ejabberd Server

      Description

      opennms uses smack for xmpp notifications.
      ejabberd insists on using sasl if the client sends the version "1.0", see http://www.ejabberd.im/node/3203
      The Centos version of ejabberd comes with the gssapi mech, and it's always announced, no way to disable it in the ejabberd configuration.
      All mechs are enable in smack and so opennms tries to use gssapi, which fails with the exception below.
      I would like to disable/enable mechs in the configuration file of opennms, etc/xmpp-configuration.properties
      XMPPNotificationManager would use the smack methods SASLAuthentication.register and unregister to configure the mechs.

      ----------
      java.lang.SecurityException: gss.conf (No such file or directory)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      at java.lang.Class.newInstance0(Class.java:355)
      at java.lang.Class.newInstance(Class.java:308)
      at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
      at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:47)
      at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:45)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.jgss.LoginConfigImpl.<init>(LoginConfigImpl.java:44)
      at sun.security.jgss.GSSUtil.login(GSSUtil.java:244)
      at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136)
      at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325)
      at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128)
      at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
      at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
      at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
      at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
      at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
      at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
      at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)
      at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
      at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
      at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:230)
      at org.opennms.netmgt.notifd.XMPPNotificationManager.login(XMPPNotificationManager.java:229)
      at org.opennms.netmgt.notifd.XMPPNotificationManager.connectToServer(XMPPNotificationManager.java:208)
      at org.opennms.netmgt.notifd.XMPPNotificationManager.<init>(XMPPNotificationManager.java:190)
      at org.opennms.netmgt.notifd.XMPPNotificationManager.getInstance(XMPPNotificationManager.java:247)
      at org.opennms.netmgt.notifd.XMPPNotificationStrategy.send(XMPPNotificationStrategy.java:136)
      at org.opennms.netmgt.notifd.ClassExecutor.execute(ClassExecutor.java:71)
      at org.opennms.netmgt.notifd.NotificationTask.run(NotificationTask.java:282)
      Caused by: java.io.IOException: gss.conf (No such file or directory)
      at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:195)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
      ... 36 more

        Attachments

          Activity

            People

            • Assignee:
              j-white Jesse White
              Reporter:
              vasquez Andreas Mack
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: