[jboss-user] [Security] - Re: JBoss Negotiation - cannot even get basic negotiation to
kdolan
do-not-reply at jboss.com
Thu Nov 12 13:34:59 EST 2009
In doing more research, I learned...
1) when IE is on the same machine as JBoss, an NTLM ticket is always returned (http://www.mail-archive.com/cas@tp.its.yale.edu/msg07181.html).
when I accessed the toolkit running on frog from another computer, basic negotiation worked!
2) the security domain test did not work (from the other computer). i found this (http://mailman.mit.edu/pipermail/kerberos/2005-October/008673.html) which led me to think the one step i ignored (e.g., resetting the password) was my problem.
after i changed the password for "spnego1", re-executed the ktab command (to spnego2.keytab), etc., the security domain test worked!
at this point, the secured test is failing w/ the following exception logged:
| 13:21:59,895 ERROR [SPNEGOLoginModule] Unable to authenticate
| GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity c
| heck on decrypted field failed (31))
| at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
| 730)
| at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
| :300)
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4265330#4265330
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4265330
More information about the jboss-user
mailing list