0 Replies Latest reply: Aug 27, 2010 5:07 AM by 843810 RSS

    GSS-API java sample on Apache Directory Server.

    843810
      http://download.oracle.com/javase/1.4.2/docs/guide/security/jgss/tutorials/BasicClientServer.htm
      I am executing sample kerberos application from sun site on Apache directory server.


      Error on Apache Directory Server.

      [15:33:59] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
      [15:34:00] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Integrity check on decrypted field failed (31)

      Error running client.

      C:\NeoWork\Kerboros\PlainKerboros\Client>java -Djava.security.krb5.realm=EXAMPLE
      .COM -Djava.security.krb5.kdc=localhost -Djavax.security.auth.useSubjectCredsO
      nly=false -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=bcsLo
      gin.conf SampleClient monkey@EXAMPLE.COM localhost 6800
      Connected to server localhost/127.0.0.1
      Kerberos username [vasudr]: monkey
      Kerberos password for monkey: Password1234
      Using builtin default etypes for default_tkt_enctypes
      default etypes for default_tkt_enctypes: 3 1 23 16 17.
      Using builtin default etypes for default_tkt_enctypes
      default etypes for default_tkt_enctypes: 3 1 23 16 17.
      KrbAsReq calling createMessage
      KrbAsReq in createMessage
      KrbKdcReq send: kdc=localhost UDP:88, timeout=30000, number of retries =3, #
      bytes=145
      KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =1, #bytes=145
      KrbKdcReq send: #bytes read=173
      KrbKdcReq send: #bytes read=173
      KDCRep: init() encoding tag is 126 req type is 11
      KRBError:
      sTime is Fri Aug 27 15:33:59 IST 2010 1282903439000
      suSec is 0
      error code is 25
      error Message is Additional pre-authentication required
      realm is EXAMPLE.COM
      sname is krbtgt/EXAMPLE.COM
      eData provided.
      msgType is 30
      Pre-Authentication Data:
      PA-DATA type = 2
      PA-ENC-TIMESTAMP
      Pre-Authentication Data:
      PA-DATA type = 11
      PA-ETYPE-INFO etype = 3
      KRBError received: Additional pre-authentication required
      AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
      Using builtin default etypes for default_tkt_enctypes
      default etypes for default_tkt_enctypes: 3 1 23 16 17.
      Pre-Authentication: Set preferred etype = 3
      KrbAsReq salt is EXAMPLE.COMmonkey
      Pre-Authenticaton: find key for etype = 3
      AS-REQ: Add PA_ENC_TIMESTAMP now
      EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      KrbAsReq calling createMessage
      KrbAsReq in createMessage
      KrbKdcReq send: kdc=localhost UDP:88, timeout=30000, number of retries =3, #
      bytes=215
      KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =1, #bytes=215
      KrbKdcReq send: #bytes read=139
      KrbKdcReq send: #bytes read=139
      KDCRep: init() encoding tag is 126 req type is 11
      KRBError:
      sTime is Fri Aug 27 15:34:00 IST 2010 1282903440000
      suSec is 0
      error code is 31
      error Message is Integrity check on decrypted field failed
      realm is EXAMPLE.COM
      sname is krbtgt/EXAMPLE.COM
      msgType is 30
      KRBError received: Integrity check on decrypted field failed
      GSSException: No valid credentials provided (Mechanism level: Attempt to obtain
      new INITIATE credentials failed! (null))
      at sun.security.jgss.krb5.Krb5InitCredential.getTgtFromSubject(Unknown S
      ource)
      at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

      at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown S
      ource)
      at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

      at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)
      at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
      at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
      at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
      at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
      at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
      at SampleClient.main(SampleClient.java:144)
      Caused by: javax.security.auth.login.LoginException: Integrity check on decrypte
      d field failed (31) - Integrity check on decrypted field failed
      at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un
      known Source)
      at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.access$000(Unknown Source)
      at javax.security.auth.login.LoginContext$4.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
      at javax.security.auth.login.LoginContext.login(Unknown Source)
      at sun.security.jgss.LoginUtility.login(Unknown Source)
      at sun.security.jgss.krb5.Krb5Util.getTicketFromSubject(Unknown Source)
      at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      ... 11 more
      Caused by: KrbException: Integrity check on decrypted field failed (31) - Integr
      ity check on decrypted field failed
      at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
      at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
      at sun.security.krb5.Credentials.sendASRequest(Unknown Source)
      at sun.security.krb5.Credentials.acquireTGT(Unknown Source)
      ... 27 more
      Caused by: KrbException: Identifier doesn't match expected value (906)
      at sun.security.krb5.internal.KDCRep.init(Unknown Source)
      at sun.security.krb5.internal.ASRep.init(Unknown Source)
      at sun.security.krb5.internal.ASRep.<init>(Unknown Source)
      ... 31 more
      Exception in thread "main" GSSException: No valid credentials provided
      at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
      at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
      at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
      at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
      at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
      at SampleClient.main(SampleClient.java:144)