[jboss-user] [Security & JAAS/JBoss] - Re: JBoss on Windows XP, Kerberos MIT on unix, SPNEGO issue

neoben do-not-reply at jboss.com
Wed Feb 18 11:39:09 EST 2009


Excellent, I have the Basic Negotiation working! Wireshark showed that http/hostmane.mycompany.net at MYCOMPANY.NET was not correct. It should have been HTTP/hostmane.mycompany.net at MYCOMPANY.NET.

The Secured servlet still does not work though... and this time, Wireshark is not so helpful... Server and client are on the same machine and I see AS-REQ, AS-REP, TGS-REQ, TGS-REP, and nothing else. The web page shows the classic HTTP 401.

JBoss logs are not very helpful either:

16:38:04,763 DEBUG [NegotiationAuthenticator] Header - null
16:38:04,763 DEBUG [NegotiationAuthenticator] No Authorization Header, sending 401
16:38:13,435 DEBUG [NegotiationAuthenticator] Header - Negotiate [...]
16:38:13,498 DEBUG [NegotiationAuthenticator] Creating new NegotiationContext
16:38:13,576 DEBUG [SPNEGO] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler at 1dae16a
16:38:13,576 DEBUG [JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager at 104fb34
16:38:13,576 DEBUG [SPNEGO] CachePolicy set to: org.jboss.util.TimedCachePolicy at 81371
16:38:13,576 DEBUG [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy at 81371
16:38:13,592 DEBUG [JaasSecurityManagerService] Added SPNEGO, org.jboss.security.plugins.SecurityDomainContext at 349826 to map


It looks like my user is not authorized to use the JBoss service... arg... I created the keytab file using the command described on this page: http://www.jerkys.org/wiki/display/jerkysORG/Creating+a+Kerberos+Keytab+file+(UNIX)

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4211173#4211173
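
Added example (not part of the original post, and not JBoss code): a shell check for the principal-name problem found with Wireshark above, where the keytab held http/... instead of HTTP/.... It assumes MIT-style `klist -k` output on stdin; the host, realm, keytab path and both listings are constructed.

```shell
#!/bin/sh
# Classify how a keytab listing matches the SPN used for SPNEGO (HTTP/host@REALM).
# MIT Kerberos compares principal names case-sensitively, so http/ != HTTP/.

# check_spn HOST REALM < klist-output
# Prints one of: exact | case-mismatch:<principal found> | missing
check_spn() {
    want="HTTP/$1@$2"
    awk -v want="$want" '
        # Principal rows start with a numeric KVNO: "   3 HTTP/host@REALM"
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            p = $2
            if (p == want) exact = 1
            else if (tolower(p) == tolower(want) && near == "") near = p
        }
        END {
            if (exact) print "exact"
            else if (near != "") print "case-mismatch:" near
            else print "missing"
        }'
}

# Constructed listing with the lowercase service name (the failing case).
sample_bad() {
cat <<'EOF'
Keytab name: FILE:/etc/jboss.keytab
KVNO Principal
---- ------------------------------------------------
   2 http/app.example.test@EXAMPLE.TEST
   2 host/app.example.test@EXAMPLE.TEST
EOF
}

# Constructed listing with the uppercase service name (the working case).
sample_good() {
cat <<'EOF'
Keytab name: FILE:/etc/jboss.keytab
KVNO Principal
---- ------------------------------------------------
   3 HTTP/app.example.test@EXAMPLE.TEST
EOF
}

sample_bad  | check_spn app.example.test EXAMPLE.TEST
sample_good | check_spn app.example.test EXAMPLE.TEST
```

Against a real keytab, pipe `klist -k <keytab>` into `check_spn` with the server's fully qualified host name and realm.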
