[jboss-user] [Security & JAAS/JBoss] - jboss negotiation toolkit

ellis2323 do-not-reply at jboss.com
Tue Mar 24 13:01:18 EDT 2009


I am trying to test jboss-negotiation on JBoss 5.0.1GA and 64-bit Linux.

Test 1 and Test 2 are OK, but the third (Secured) doesn't work on my system.

My keytab is well configured, but the SPNEGO token doesn't work. I tried
other crypto without success (AES 256 / AES 128 / DES / ARCFOUR).

Typical trace:
3:45:53,233 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
  | 13:45:53,280 INFO  [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
  | 13:45:53,309 INFO  [ServerImpl] JBoss (Microcontainer) [5.0.1.GA (build: SVNTag=JBoss_5_0_1_GA date=200902232048)] Started in 1m:9s:397ms
  | 13:46:06,376 INFO  [STDOUT] Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/krb5.keytab refreshKrb5Config is false principal is host/server2.scigems.org at SCIGEMS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  | 13:46:07,007 INFO  [STDOUT] principal's key obtained from the keytab
  | 13:46:07,007 INFO  [STDOUT] Acquire TGT using AS Exchange
  | 13:46:08,279 INFO  [STDOUT] principal is host/server2.scigems.org at SCIGEMS.ORG
  | 13:46:08,280 INFO  [STDOUT] EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 33 46 86 8A 9A F5 D6 51   FB 39 7A E9 06 CC F2 50  3F.....Q.9z....P
  | 13:46:08,292 INFO  [STDOUT] Added server's keyKerberos Principal host/server2.scigems.org at SCIGEMS.ORGKey Version 2key EncryptionKey: keyType=17 keyBytes (hex dump)=
  | 0000: 33 46 86 8A 9A F5 D6 51   FB 39 7A E9 06 CC F2 50  3F.....Q.9z....P
  | 13:46:08,293 INFO  [STDOUT] 		[Krb5LoginModule] added Krb5Principal  host/server2.scigems.org at SCIGEMS.ORG to Subject
  | 13:46:08,293 INFO  [STDOUT] Commit Succeeded 
  | 13:51:37,810 ERROR [STDERR] Checksum failed !
  | 14:17:13,665 ERROR [SPNEGOLoginModule] Unable to authenticate
  | GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
  | 	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
  | 	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
  | 	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
  | 	at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
  | 	at java.security.AccessController.doPrivileged(Native Method)
  | 	at javax.security.auth.Subject.doAs(Subject.java:337)
  | 	at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  | 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  | 	at java.lang.reflect.Method.invoke(Method.java:597)
  | 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  | 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  | 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  | 	at java.security.AccessController.doPrivileged(Native Method)
  | 	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  | 	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  | 	at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
  | 	at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
  | 	at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
  | 	at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
  | 	at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
  | 	at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
  | 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
  | 	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
  | 	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  | 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
  | 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
  | 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  | 	at java.lang.Thread.run(Thread.java:619)
  | Caused by: KrbException: Checksum failed
  | 	at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:85)
  | 	at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:77)
  | 	at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
  | 	at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
  | 	at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
  | 	at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
  | 	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
  | 	... 35 more
  | Caused by: java.security.GeneralSecurityException: Checksum failed
  | 	at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:431)
  | 	at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:254)
  | 	at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:59)
  | 	at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:83)
  | 	... 41 more
  | 14:17:13,679 INFO  [STDOUT] 		[Krb5LoginModule]: Entering logout
  | 14:17:13,680 INFO  [STDOUT] 		[Krb5LoginModule]: logged out Subject
  | 




View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220702#4220702
