0 Replies Latest reply: Nov 4, 2010 6:40 AM by 810539 RSS

    Kerberos problems when using SaslClient and SaslServer

    810539
      Hi, I'm trying to use javax.security.sasl.SaslClient and SaslServer with Kerberos authentication.

      Here's what the client debug output says:

      Acquire TGT from Cache ....
      Kerberos User...
      Kerberos Pass...
      Acquire TGT using AS Exchange.
      EncryptionKey: keyType=3 ....
      EncryptionKey: keyType=1 ....
      EncryptionKey: keyType=23 ....
      EncryptionKey: keyType=16 ....
      EncryptionKey: keyType=17 ....
      EncryptionKey: keyType=18 ....
      Commit succeeded

      And the server:

      principal's key obtained from the keytab
      principal is ....
      EncryptionKey: keyType=3 ....
      Added servers ....
      Commit succeeded

      The Sasl client got an initial response which I suppose is the AP-REQ
      But when evaluating it at the server side with evaluateResponse();
      An exception is thrown GSS initate failed [Caused by GSSException: DerInputStream.getLength(): lengthTag=111, too big.]

      Both client and server are in the same realm.
      The keytab is generated with ktpass -crypto des-cbc-md5 +DesOnly -ptype KRB5_NT_PRINCIPAL

      So what am I doing wrong?