[jboss-user] [Security & JAAS/JBoss] - Re: Kerberos / JBoss Negotiate issues and questions
ejb3workshop
do-not-reply at jboss.com
Thu Sep 18 09:34:48 EDT 2008
One of the problems was that I did not install the latest tools from http://go.microsoft.com/fwlink/?LinkId=100114
The default tools used DES-CBC-MD5 and also set DES-only encryption on the account. After installing the updated tools the ktpass command completed as shown in the user guide.
I disabled DES on the user account and re-ran the ktpass and ktab commands. After restarting JBoss I am still not able to complete the secure test.
The following exception is raised.
anonymous wrote :
| 14:24:20,835 TRACE [UsersRolesLoginModule] abort
| 14:24:20,835 TRACE [SPNEGO] Login failure
| javax.security.auth.login.LoginException: Continuation Required.
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:156)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
| at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
| at java.lang.Thread.run(Thread.java:619)
| 14:24:20,944 TRACE [SPNEGO] End isValid, false
| 14:24:20,960 DEBUG [SPNEGOAuthenticator] authenticated principal = null
| 14:24:20,960 TRACE [SPNEGOContext] clear 20096223
| 14:24:20,960 TRACE [SecurityAssociation] clear, server=true
| 14:24:20,975 TRACE [SPNEGOAuthenticator] Authenticating user
| ...
| 14:24:21,507 TRACE [SPNEGOLoginModule] Result - java.io.IOException: Unexpected message type
| 14:24:21,507 ERROR [SPNEGOLoginModule] Unable to authenticate
| java.io.IOException: Unexpected message type
| at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decodeNegTokenTargSequence(NegTokenTargDecoder.java:121)
| at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decode(NegTokenTargDecoder.java:137)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:261)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.Subject.doAs(Subject.java:337)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:113)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
| at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
| at java.lang.Thread.run(Thread.java:619)
| 14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: Entering logout
| 14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
| 14:24:21,663 TRACE [SPNEGOLoginModule] abort
| 14:24:21,663 TRACE [UsersRolesLoginModule] initialize, instance=@15179443
| 14:24:21,663 TRACE [UsersRolesLoginModule] Security domain: SPNEGO
| 14:24:21,663 TRACE [UsersRolesLoginModule] findResource: null
| 14:24:21,663 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-users.properties, defaults=null
| 14:24:21,663 DEBUG [UsersRolesLoginModule] Loaded properties, users=[]
| 14:24:21,695 TRACE [UsersRolesLoginModule] findResource: null
| 14:24:21,695 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-roles.properties, defaults=null
| 14:24:21,695 DEBUG [UsersRolesLoginModule] Loaded properties, users=[operator, ahartner at TH.local, vreddy at TH, user, ahartner at TH, jamesm at TH, other, vreddy at TH.local, jamesm at TH.local, sysop]
| 14:24:21,695 TRACE [UsersRolesLoginModule] abort
| 14:24:21,695 TRACE [SPNEGO] Login failure
| javax.security.auth.login.LoginException: Unable to authenticate - Unexpected message type
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:136)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
| at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
| at java.lang.Thread.run(Thread.java:619)
| 14:24:21,804 TRACE [SPNEGO] End isValid, false
| 14:24:21,820 DEBUG [SPNEGOAuthenticator] authenticated principal = null
| 14:24:21,820 TRACE [SPNEGOContext] clear 20096223
| 14:24:21,820 TRACE [SecurityAssociation] clear, server=true
|
I think I am very close to getting this working and am just missing one or two minor things. If you have any suggestions on what I could try to get this working, please let me know.
Thanks in advance.
Alex
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177426#4177426