This discussion is archived
0 Replies Latest reply: Aug 27, 2010 3:07 AM by 843810 RSS

GSS-API java sample on Apache Directory Server.

843810 Newbie
Currently Being Moderated
http://download.oracle.com/javase/1.4.2/docs/guide/security/jgss/tutorials/BasicClientServer.htm
I am executing sample kerberos application from sun site on Apache directory server.


Error on Apache Directory Server.

[15:33:59] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
[15:34:00] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Integrity check on decrypted field failed (31)

Error running client.

C:\NeoWork\Kerboros\PlainKerboros\Client>java -Djava.security.krb5.realm=EXAMPLE
.COM -Djava.security.krb5.kdc=localhost -Djavax.security.auth.useSubjectCredsO
nly=false -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=bcsLo
gin.conf SampleClient monkey@EXAMPLE.COM localhost 6800
Connected to server localhost/127.0.0.1
Kerberos username [vasudr]: monkey
Kerberos password for monkey: Password1234
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=localhost UDP:88, timeout=30000, number of retries =3, #
bytes=145
KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =1, #bytes=145
KrbKdcReq send: #bytes read=173
KrbKdcReq send: #bytes read=173
KDCRep: init() encoding tag is 126 req type is 11
KRBError:
sTime is Fri Aug 27 15:33:59 IST 2010 1282903439000
suSec is 0
error code is 25
error Message is Additional pre-authentication required
realm is EXAMPLE.COM
sname is krbtgt/EXAMPLE.COM
eData provided.
msgType is 30
Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 3
KRBError received: Additional pre-authentication required
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Pre-Authentication: Set preferred etype = 3
KrbAsReq salt is EXAMPLE.COMmonkey
Pre-Authenticaton: find key for etype = 3
AS-REQ: Add PA_ENC_TIMESTAMP now
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=localhost UDP:88, timeout=30000, number of retries =3, #
bytes=215
KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =1, #bytes=215
KrbKdcReq send: #bytes read=139
KrbKdcReq send: #bytes read=139
KDCRep: init() encoding tag is 126 req type is 11
KRBError:
sTime is Fri Aug 27 15:34:00 IST 2010 1282903440000
suSec is 0
error code is 31
error Message is Integrity check on decrypted field failed
realm is EXAMPLE.COM
sname is krbtgt/EXAMPLE.COM
msgType is 30
KRBError received: Integrity check on decrypted field failed
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain
new INITIATE credentials failed! (null))
at sun.security.jgss.krb5.Krb5InitCredential.getTgtFromSubject(Unknown S
ource)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown S
ource)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)
at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at SampleClient.main(SampleClient.java:144)
Caused by: javax.security.auth.login.LoginException: Integrity check on decrypte
d field failed (31) - Integrity check on decrypted field failed
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un
known Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at sun.security.jgss.LoginUtility.login(Unknown Source)
at sun.security.jgss.krb5.Krb5Util.getTicketFromSubject(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 11 more
Caused by: KrbException: Integrity check on decrypted field failed (31) - Integr
ity check on decrypted field failed
at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
at sun.security.krb5.Credentials.sendASRequest(Unknown Source)
at sun.security.krb5.Credentials.acquireTGT(Unknown Source)
... 27 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.<init>(Unknown Source)
... 31 more
Exception in thread "main" GSSException: No valid credentials provided
at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at SampleClient.main(SampleClient.java:144)