0 Replies Latest reply: Sep 30, 2010 9:02 AM by 773175 RSS

    Validating Kerberos Tickets

    773175
      Hi,

      My ultimate goal is to validate a kerberos ticket generated by user1 on a server side application which connects to the KDC with user2.

      I have been following the examples at: http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part2.html.

      I have changed the krb5.conf to suit our environment, I have changed the jaas-krb5.conf to:
      client {
           com.sun.security.auth.module.Krb5LoginModule required     
           principal="user1@DOMAIN.NL";
      };
      
      server {
           com.sun.security.auth.module.Krb5LoginModule required
           useKeyTab=true
           storeKey=true
           isInitiator=false
           keyTab="file:///C:/user2.keytab"
           principal="user2@DOMAIN.NL";
      };
      The prinicipal of the server is getting validated by the keytab file , login is successful, however on trying to validate the ticket , I am getting :
      Entered Krb5Context.acceptSecContext with state=STATE_NEW
         EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      Checksum failed !
      Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      I am new to Kerberos authentication, please can someone guide me how to do this type of validation.

      Regards,
      Sabyasachi.