2 Replies Latest reply on Jul 19, 2010 6:25 AM by 843810

    Kerberos  & Java GSS (JGSS) - pre-authentication required


      I've do some vm linux for a project:
      krbsrv as kerberos server
      Client as kerberos Client

      When i try with jaas and jgss to signin from client to server i've a little issue.. an error code is 25 "Additional pre-authentication required" .
      it works properly because the logincontext redo the authentication with the PRE_AUTH, but in DEBUG mode i see always the same error-warning :

           cTime is Mon May 09 12:44:57 CEST 2022 1652093097000
           sTime is Sun Jul 18 15:25:47 CEST 2010 1279459547000
           suSec is 445405
           error code is 25
           error Message is Additional pre-authentication required
           eData provided.
           msgType is 30

      Pre-Authentication Data:
           PA-DATA type = 2

      Pre-Authentication Data:
           PA-DATA type = 136

      Pre-Authentication Data:
           PA-DATA type = 19
           PA-ETYPE-INFO2 etype = 18

      Pre-Authentication Data:
           PA-DATA type = 13

      Pre-Authentication Data:
           PA-DATA type = 133

      KRBError received: NEEDED_PREAUTH

      the program works because it redo the authentication with PREAUTH, but i want to know where i can setting to do PREAUTH First.
      I have to deliver the project to my boss so i must understand how to eliminate this warning. :D

      Here the code of the login to kerberos.
      private void login( String username, String password) throws LoginException 
      LoginContext loginCtx = null;
      // "Client" è il tipo di autenticazione specificata nel file JAAS jaas.conf.
      loginCtx = new LoginContext( "Client",new LoginCallbackHandler(username ,password ));
      this.subject = loginCtx.getSubject();
      Client {
      com.sun.security.auth.module.Krb5LoginModule required
      Here the GSS Code:
      private void initiateSecurityContext( String servicePrincipalName) throws GSSException 
      GSSManager manager = GSSManager.getInstance();
      Oid krb5PrincipalNameType = new Oid("1.2.840.113554.");
      GSSName serverName = manager.createName(servicePrincipalName, krb5PrincipalNameType);
      final GSSContext context = manager.createContext( serverName, krb5Oid, null,GSSContext.DEFAULT_LIFETIME);
      this.serviceTicket = Subject.doAs( subject, new PrivilegedAction<byte[]>() 
           public byte[] run() 
                               byte[] token = new byte[0];
                               context.requestMutualAuth( false);
                               context.requestCredDeleg( false);
                               return context.initSecContext( token, 0, token.length);
                     catch ( GSSException e) 
                               return null;
      where i can set the PRE_AUTH option ?