[jboss-user] [Security & JAAS/JBoss] - Re: Error 401 in jboss Negotiation war for the secured test
ellis2323
do-not-reply at jboss.com
Sun Mar 1 11:30:24 EST 2009
i have changed my krb5.conf with :
| [libdefaults]
| default_realm = SCIGEMS.ORG
| dns_lookup_realm = true
| dns_lookup_kdc = true
| ticket_lifetime = 24h
| forwardable = yes
| default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
| default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
| permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
|
But this isn't better.
| 17:25:45,212 INFO [STDOUT] Added server's keyKerberos Principal host/server1.scigems.org at SCIGEMS.ORGKey Version 10key EncryptionKey: keyType=1 keyBytes (hex dump)=
| 0000: 16 EA 98 02 F2 C4 51 9E
| 17:25:45,212 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server1.scigems.org at SCIGEMS.ORG to Subject
| 17:25:45,212 INFO [STDOUT] Added server's keyKerberos Principal host/server1.scigems.org at SCIGEMS.ORGKey Version 10key EncryptionKey: keyType=23 keyBytes (hex dump)=
| 0000: EE CF CF 55 CD 38 50 00 3E 4E 6A 7A E5 44 24 96 ...U.8P.>Njz.D$.
| 17:25:45,213 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server1.scigems.org at SCIGEMS.ORG to Subject
| 17:25:45,213 INFO [STDOUT] Added server's keyKerberos Principal host/server1.scigems.org at SCIGEMS.ORGKey Version 10key EncryptionKey: keyType=16 keyBytes (hex dump)=
| 0000: 68 A7 70 31 31 01 45 3D AB 08 83 F2 20 67 EA 15 h.p11.E=.... g..
| 0010: 64 FB EF 1A 97 45 4A B0
| 17:25:45,213 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server1.scigems.org at SCIGEMS.ORG to Subject
| 17:25:45,213 INFO [STDOUT] Added server's keyKerberos Principal host/server1.scigems.org at SCIGEMS.ORGKey Version 10key EncryptionKey: keyType=17 keyBytes (hex dump)=
| 0000: D8 C3 7C 67 C3 C7 60 60 56 43 31 96 67 3E 4A 53 ...g..``VC1.g>JS
| 17:25:45,213 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server1.scigems.org at SCIGEMS.ORG to Subject
| 17:25:45,214 INFO [STDOUT] Added server's keyKerberos Principal host/server1.scigems.org at SCIGEMS.ORGKey Version 10key EncryptionKey: keyType=18 keyBytes (hex dump)=
| 0000: 7C 7F 21 2C E9 3C 08 E7 8A 8B 36 F3 44 D6 2C 1A ..!,.<....6.D.,.
| 0010: 96 16 75 46 62 04 60 22 C8 33 3E CD 15 6C 3E D7 ..uFb.`".3>..l>.
| 17:25:45,216 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server1.scigems.org at SCIGEMS.ORG to Subject
| 17:25:45,217 INFO [STDOUT] Commit Succeeded
| 17:25:45,282 INFO [STDOUT] Found key for host/server1.scigems.org at SCIGEMS.ORG(18)
| 17:25:45,282 INFO [STDOUT] Found key for host/server1.scigems.org at SCIGEMS.ORG(1)
| 17:25:45,283 INFO [STDOUT] Found key for host/server1.scigems.org at SCIGEMS.ORG(23)
| 17:25:45,283 INFO [STDOUT] Found key for host/server1.scigems.org at SCIGEMS.ORG(16)
| 17:25:45,284 INFO [STDOUT] Found key for host/server1.scigems.org at SCIGEMS.ORG(17)
| 17:25:45,286 INFO [STDOUT] Entered Krb5Context.acceptSecContext with state=STATE_NEW
| 17:25:45,291 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
| 17:25:45,294 ERROR [SPNEGOLoginModule] Unable to authenticate
| GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
| at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:757)
| at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:341)
| at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.Subject.doAs(Subject.java:357)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
| at java.lang.reflect.Method.invoke(Method.java:616)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
| at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
| at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:636)
| Caused by: KrbException: Checksum failed
| at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:96)
| at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:88)
| at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:176)
| at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
| at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:145)
| at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:103)
| at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:740)
| ... 36 more
| Caused by: java.security.GeneralSecurityException: Checksum failed
| at sun.security.krb5.internal.crypto.dk.DkCrypto.decrypt(DkCrypto.java:362)
| at sun.security.krb5.internal.crypto.Des3.decrypt(Des3.java:79)
| at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:94)
| ... 42 more
| 17:25:45,298 INFO [STDOUT] [Krb5LoginModule]: Entering logout
| 17:25:45,298 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4214009#4214009
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4214009
More information about the jboss-user
mailing list