[jboss-user] [Security & JAAS/JBoss] - jboss negotiation toolkit
ellis2323
do-not-reply at jboss.com
Tue Mar 24 13:01:18 EDT 2009
I am trying to test jboss-negotiation on JBoss 5.0.1GA and 64-bit Linux.
Test 1 and Test 2 are OK, but the third (Secured) doesn't work on my system.
My keytab is well configured, but the SPNEGO token doesn't work. I tried
with other crypto without success (AES 256 / AES 128 / DES / ARCFOUR).
Typical trace:
3:45:53,233 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
| 13:45:53,280 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
| 13:45:53,309 INFO [ServerImpl] JBoss (Microcontainer) [5.0.1.GA (build: SVNTag=JBoss_5_0_1_GA date=200902232048)] Started in 1m:9s:397ms
| 13:46:06,376 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/krb5.keytab refreshKrb5Config is false principal is host/server2.scigems.org at SCIGEMS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
| 13:46:07,007 INFO [STDOUT] principal's key obtained from the keytab
| 13:46:07,007 INFO [STDOUT] Acquire TGT using AS Exchange
| 13:46:08,279 INFO [STDOUT] principal is host/server2.scigems.org at SCIGEMS.ORG
| 13:46:08,280 INFO [STDOUT] EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 33 46 86 8A 9A F5 D6 51 FB 39 7A E9 06 CC F2 50 3F.....Q.9z....P
| 13:46:08,292 INFO [STDOUT] Added server's keyKerberos Principal host/server2.scigems.org at SCIGEMS.ORGKey Version 2key EncryptionKey: keyType=17 keyBytes (hex dump)=
| 0000: 33 46 86 8A 9A F5 D6 51 FB 39 7A E9 06 CC F2 50 3F.....Q.9z....P
| 13:46:08,293 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server2.scigems.org at SCIGEMS.ORG to Subject
| 13:46:08,293 INFO [STDOUT] Commit Succeeded
| 13:51:37,810 ERROR [STDERR] Checksum failed !
| 14:17:13,665 ERROR [SPNEGOLoginModule] Unable to authenticate
| GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
| at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
| at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
| at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.Subject.doAs(Subject.java:337)
| at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
| at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
| at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
| Caused by: KrbException: Checksum failed
| at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:85)
| at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:77)
| at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
| at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
| at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
| at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
| at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
| ... 35 more
| Caused by: java.security.GeneralSecurityException: Checksum failed
| at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:431)
| at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:254)
| at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:59)
| at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:83)
| ... 41 more
| 14:17:13,679 INFO [STDOUT] [Krb5LoginModule]: Entering logout
| 14:17:13,680 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220702#4220702