[jboss-user] [Security & JAAS/JBoss] - Re: Issues with JBoss Negotiation
danielmesser
do-not-reply at jboss.com
Wed Feb 11 23:24:37 EST 2009
Darran,
As per your suggestion, I upgraded Firefox to Firefox3. It still doesn't work but now I get the following error:
Any ideas?
Thanks
20:57:14,091 INFO [SPNEGOAuthenticator] Header - null
20:57:14,187 INFO [SPNEGOAuthenticator] Header - Negotiate YIICTQYGKwYBBQUCoIICQTCCAj2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggIYBIICFGCCAhAGCSqGSIb3EgECAgEAboIB/zCCAfugAwIBBaEDAgEOogcDBQAAAAAAo4IBF2GCARMwggEPoAMCAQWhDRsLU0xDLlNHSS5DT02iJzAloAMCAQOhHjAcGwRIVFRQGxRsbnguYW1lcmljYXMuc2dpLmNvbaOBzzCBzKADAgEQoQMCAQOigb8Egbw5tg/oKgy6xWSvNU7juU3zFBuOSf5C6P4Uowezrgqne53q5+LxA5X8FPyycisYeF1MF49hOOvj45elsmtkGL/7X5GiScnKaITtoSWkS7J8SAtWCj+HXUQpuJIUv8r0wjd572BlRELOvcPm7kdxTWD9txRTzSFEbnOvZIeRW71Mk+kZAl3NxiOiPJkUBj5s2Y4WPilU8f9eeXuls3CKXafYsJaFyFuhnV5ds920VOBoHTlkpJPp1qnoFpiqGqSByjCBx6ADAgEQooG/BIG8FFQkcwz6d/+/RsoYKXn+PqBwrmW0eZI3cKumgy9R3uvsNgmn3PcBOdEn6XtFVyhPT50YjaMEuzTT9EdSiHXqbjcg+HAEYC3a47Za/VkuGR6PDcrvO00M0lUk1ngBiTzcA1Su6ad6Pfy8jPnvm0UO0AGJsqg6ZXqjlvBiSgeZm769mv207jRFn1PXGgpAmj0F6jm0k58a6oHFTI+HEr6cy7xk9A9vwsGP61bo2kakE5NQog880Gn/odVPt5o=
20:57:14,188 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/krb5.keytab refreshKrb5Config is false principal is host/lnx.americas.sgi.com at SLC.SGI.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
20:57:14,189 INFO [STDOUT] principal's key obtained from the keytab
20:57:14,189 INFO [STDOUT] Acquire TGT using AS Exchange
20:57:14,236 INFO [STDOUT] principal is host/lnx.americas.sgi.com at SLC.SGI.COM
20:57:14,237 INFO [STDOUT] EncryptionKey: keyType=1 keyBytes (hex dump)=0000: EA 7F 1F 73 8F 89 7C 08
20:57:14,237 INFO [STDOUT] EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 64 CD 57 D9 B0 C2 19 D0 85 DF 5E 0B 6D 43 CD 37 d.W.......^.mC.7
0010: CD B3 CB B5 0D 5D DC 13
20:57:14,237 INFO [STDOUT] Added server's keyKerberos Principal host/lnx.americas.sgi.com at SLC.SGI.COMKey Version 3key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: EA 7F 1F 73 8F 89 7C 08
20:57:14,237 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/lnx.americas.sgi.com at SLC.SGI.COM to Subject
20:57:14,237 INFO [STDOUT] Added server's keyKerberos Principal host/lnx.americas.sgi.com at SLC.SGI.COMKey Version 3key EncryptionKey: keyType=16 keyBytes (hex dump)=
0000: 64 CD 57 D9 B0 C2 19 D0 85 DF 5E 0B 6D 43 CD 37 d.W.......^.mC.7
0010: CD B3 CB B5 0D 5D DC 13
20:57:14,237 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/lnx.americas.sgi.com at SLC.SGI.COM to Subject
20:57:14,237 INFO [STDOUT] Commit Succeeded
20:57:14,241 ERROR [SPNEGOLoginModule] Unable to authenticate
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:295)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:113)
at sun.reflect.GeneratedMethodAccessor77.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:77)
at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:69)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:167)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
at sun.security.krb5.KrbApReq.(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
... 31 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.DkCrypto.decrypt(DkCrypto.java:354)
at sun.security.krb5.internal.crypto.Des3.decrypt(Des3.java:57)
at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:75)
... 37 more
20:57:14,243 INFO [STDOUT] [Krb5LoginModule]: Entering logout
20:57:14,243 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4209332#4209332
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4209332
More information about the jboss-user
mailing list