Troubleshooting
Problem
EKM server has "Server.authMechanism = LocalOS" set. However, CLI login using Local OS user id and password fails.
Symptom
Audit log recorded following error:
Runtime event:[
timestamp=Fri Nov 16 11:55:43 EST 2007
ComponentId=[threadId=Thread[main,5,main]]
event source=com.ibm.keymanager.cb
outcome=[result=successful]
event type=SECURITY_RUNTIME
resource=[name=EKM server;type=application]
action=start
user=[name=EKMAdmin]
]
Authentication event:[
timestamp=Fri Nov 16 12:12:25 EST 2007
ComponentId=[threadId=Thread[Thread-15,5,KeyManagementServerV2-Processors]]
event source=com.ibm.keymanager.c.c
outcome=[result=unsuccessful]
event type=SECURITY_AUTHN
anthentication type=TokenUserName
users=[name=walkerdw]
]
Debug log recorded following error:
ALL:
javax.security.auth.login.LoginException: Couldn't open the service pipe 2
at com.ibm.security.auth.module.NTActiveSystem.getThisOne(Native Method)
at com.ibm.security.auth.module.NTActiveSystem.<init>(NTActiveSystem.java:98)
Cause
The line "Server.jaaslogoninstalled = yes" had been added manually on EKM properties file
Resolving The Problem
The line "Server.jaaslogoninstalled = yes" should not be added manually. This line is automatically added by EKM server on the run if Server.authMechanism is set to yes. The absence of the line helps EKM server identify that the required JAAS logon code is missing and hence add it consequently.
Deleting the line "Server.jaaslogoninstalled = yes" and restarting EKM server service fixes the problem. Note that EKM service should be stopped before making changes to properties file.
Product Synonym
EKM JAVA SECURITY ENCRYPTION KEY MANAGER
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21289633