Discussions
Categories
- 196.8K All Categories
- 2.2K Data
- 238 Big Data Appliance
- 1.9K Data Science
- 450.3K Databases
- 221.7K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 550 MySQL Community Space
- 478 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3K ORDS, SODA & JSON in the Database
- 544 SQLcl
- 4K SQL Developer Data Modeler
- 187K SQL & PL/SQL
- 21.3K SQL Developer
- 295.8K Development
- 17 Developer Projects
- 138 Programming Languages
- 292.5K Development Tools
- 107 DevOps
- 3.1K QA/Testing
- 646K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 155 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.1K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 18 Java Essentials
- 160 Java 8 Questions
- 86K Java Programming
- 80 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 204 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 437 LiveLabs
- 38 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 171 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 232 Portuguese
Error "Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ's authenticator)" u
Hi all,
Here the context.
- SAP Mobile platform requests a Kerberos ticket for a service. Delegation is configured for it's service user (User A can requests tickets for a service which belongs to a different user)
- With this ticket, SMP authenticates the user against tomcat where an application is running with Spring Security (JGSS is doing the magic behind)
- When the module tries to validate the ticket, we have the exception described in detail at the end of the post
Caused by: org.ietf.jgss.GSSException:Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ'sauthenticator)
- The funny thing is with the browser (without delegation) Kerberos is working properly.
¿Any idea about what could be causing this behavior?
Thanks in advance and best regards!
Raúl
Exception
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ's authenticator)
at sun.security.jgss.krb5.InitialToken$OverloadedChecksum.<init>(InitialToken.java:220) ~[na:1.8.0_101]
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:131) ~[na:1.8.0_101]
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~[na:1.8.0_101]
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) ~[na:1.8.0_101]
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~[na:1.8.0_101]
here debug info shown while trying to validate ticket
Found KeyTab
/neptuno/keys/keytab/dneptuno2.bshg.com.keytab for HTTP/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Looking for keys for: HTTP/[email protected]
Added key: 23version: 2
>>> EType:
sun.security.krb5.internal.crypto.ArcFourHmacEType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 17 16 23.
>>> EType:
sun.security.krb5.internal.crypto.ArcFourHmacEType
MemoryCache: add 1472643443/068238/C4F3C48B35155EECCF2570E4D5EBF07E/[email protected]@EUCE.CORP.BSHG.COM
to [email protected]@EUCE.CORP.BSHG.COM|HTTP/[email protected]
MemoryCache: Existing AuthList:
#1: 1472643107/247289/F8C26EA6D6BB2269AE800A3954A305DE/[email protected]@EUCE.CORP.BSHG.COM
>>> KrbApReq: authenticate succeed.