[jboss-user] [Security] - Re: JBoss Negotiation - cannot even get basic negotiation to

kdolan do-not-reply at jboss.com
Thu Nov 12 13:34:59 EST 2009

In doing more research, I learned...

1) when IE is on the same machine as JBoss, an NTLM ticket is always returned (http://www.mail-archive.com/cas@tp.its.yale.edu/msg07181.html).

when I accessed the toolkit running on frog from another computer, basic negotiation worked!

2) the security domain test did not work (from the other computer).  i found this (http://mailman.mit.edu/pipermail/kerberos/2005-October/008673.html) which led me to think the one step i ignored (e.g., resetting the password) was my problem.  

after i changed the password for "spnego1", re-executed the ktab command (to spnego2.keytab), etc., the security domain test worked!

at this point, the secured test is failing w/ the following exception logged:

  | 13:21:59,895 ERROR [SPNEGOLoginModule] Unable to authenticate
  | GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity c
  | heck on decrypted field failed (31))
  |         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
  | 730)
  |         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
  | :300)

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4265330#4265330

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4265330

More information about the jboss-user mailing list