I just did a debian package upgrade, and now logging in is generating this error in service.log:
2014-11-06 16:33:21.341:INFO:/:Initializing Spring FrameworkServlet 'grails'
2014-11-06 16:44:50.814:WARN:oejpj.JAASLoginService:
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:927)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:205)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:697)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:695)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:694)
at javax.security.auth.login.LoginContext.login(LoginContext.java:602)
at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:217)
at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:183)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
at java.lang.Thread.run(Thread.java:701)
The only other change I made was to the /etc/rundeck/profile:
export RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-loginmodule.conf \
-Dloginmodule.name=RDpropertyfilelogin \
-Drdeck.config=/etc/rundeck \
-Drdeck.base=/var/lib/rundeck \
-Drundeck.server.configDir=/etc/rundeck \
-Dserver.datastore.path=/var/lib/rundeck/data \
-Drundeck.server.serverDir=/var/lib/rundeck \
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
-Drundeck.jetty.connector.forwarded=true \
-Djava.io.tmpdir=$RUNDECK_TEMPDIR"
* I added -Drundeck.jetty.connector.forwarded=true
Did something change between these two versions regarding how ACLs are defined? Are there additional logs I should look in? The audit log has no new entries since this update was performed.
Thanks,
Jaron