1 2 3 Previous Next 30 Replies Latest reply: Aug 17, 2010 8:05 AM by 843810 Go to original post RSS
      • 30. Re: GSSContext initialization failing when context.requestMutualAuth(true)
        Thanks for your responses!
        wangwj wrote:
        A longer packet might means using another encryption type or extra info.
        According to network traces, Kerberos debug output and configuration it should be using the same encryption type. Here's one line of the debugging output:
        >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
        You said the program hangs after context established. On exact which call is it? I see only write methods.
        No, it does not hang after context establishment. It hangs at line context.initSecContext(). I.e. in:
        while (!context.isEstablished()) {
                            context.initSecContext(this.in, this.out);
                            // send output token if generated
        Precisely on line of "context.initSecContext(this.in, this.out);", which does reading on the socket and thus is the reason why it hangs. The steps are as folllows: 1. Loop is entered, 2. context.initSecContext(this.in, this.out) & this out.flush() is executed once (I.e. a token is read from and written to the socket). 3. context.isEstablished() still evaluates to false and another iteration of the loop is done. 4. when context.initSecContext(this.in, this.out) is reached it just never finishes (unless the connection times out).

        What's going on? Again, this is supposed to be a slight modification of Sun's/Oracle's Kerberos example programs. Not even the plain vanilla example [Kerberos Client program|http://download.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/ClientServer.html] worked for me :-( Establishing a context with requestMutualAuth(false) succeeds, but is rather useless since I seem to need mutual auth for the cvs authentication... Thoughts?

        Thank you!
        1 2 3 Previous Next