This discussion is archived
0 Replies Latest reply: Sep 30, 2010 7:02 AM by 773175 RSS

Validating Kerberos Tickets

773175 Newbie
Currently Being Moderated
Hi,

My ultimate goal is to validate a kerberos ticket generated by user1 on a server side application which connects to the KDC with user2.

I have been following the examples at: http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part2.html.

I have changed the krb5.conf to suit our environment, I have changed the jaas-krb5.conf to:
client {
     com.sun.security.auth.module.Krb5LoginModule required     
     principal="user1@DOMAIN.NL";
};

server {
     com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
     storeKey=true
     isInitiator=false
     keyTab="file:///C:/user2.keytab"
     principal="user2@DOMAIN.NL";
};
The prinicipal of the server is getting validated by the keytab file , login is successful, however on trying to validate the ticket , I am getting :
Entered Krb5Context.acceptSecContext with state=STATE_NEW
   EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Checksum failed !
Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
I am new to Kerberos authentication, please can someone guide me how to do this type of validation.

Regards,
Sabyasachi.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points