This discussion is archived
2 Replies Latest reply: Jul 18, 2010 11:25 PM by 843810 RSS

Kerberos  & Java GSS (JGSS) - pre-authentication required

843810 Newbie
Currently Being Moderated
Hi,

I've do some vm linux for a project:
krbsrv as kerberos server
Client as kerberos Client

When i try with jaas and jgss to signin from client to server i've a little issue.. an error code is 25 "Additional pre-authentication required" .
it works properly because the logincontext redo the authentication with the PRE_AUTH, but in DEBUG mode i see always the same error-warning :


KRBError:
     cTime is Mon May 09 12:44:57 CEST 2022 1652093097000
     sTime is Sun Jul 18 15:25:47 CEST 2010 1279459547000
     suSec is 445405
     error code is 25
     error Message is Additional pre-authentication required
     eData provided.
     msgType is 30

Pre-Authentication Data:
     PA-DATA type = 2
     PA-ENC-TIMESTAMP

Pre-Authentication Data:
     PA-DATA type = 136

Pre-Authentication Data:
     PA-DATA type = 19
     PA-ETYPE-INFO2 etype = 18

Pre-Authentication Data:
     PA-DATA type = 13

Pre-Authentication Data:
     PA-DATA type = 133

KRBError received: NEEDED_PREAUTH
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ





the program works because it redo the authentication with PREAUTH, but i want to know where i can setting to do PREAUTH First.
I have to deliver the project to my boss so i must understand how to eliminate this warning. :D


Here the code of the login to kerberos.
private void login( String username, String password) throws LoginException 
{
LoginContext loginCtx = null;

// "Client" è il tipo di autenticazione specificata nel file JAAS jaas.conf.
loginCtx = new LoginContext( "Client",new LoginCallbackHandler(username ,password ));

loginCtx.login();
this.subject = loginCtx.getSubject();

}
JAAS.CONF:
Client {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false;
};
Here the GSS Code:
private void initiateSecurityContext( String servicePrincipalName) throws GSSException 
{
GSSManager manager = GSSManager.getInstance();

Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

GSSName serverName = manager.createName(servicePrincipalName, krb5PrincipalNameType);

final GSSContext context = manager.createContext( serverName, krb5Oid, null,GSSContext.DEFAULT_LIFETIME);

this.serviceTicket = Subject.doAs( subject, new PrivilegedAction<byte[]>() 
     {
     public byte[] run() 
          {
               try 
                    {
                         byte[] token = new byte[0];
                         context.requestMutualAuth( false);
                         context.requestCredDeleg( false);
                         return context.initSecContext( token, 0, token.length);
                    }
               catch ( GSSException e) 
                    {
                         e.printStackTrace();
                         return null;
                    }
          }
    });
}
where i can set the PRE_AUTH option ?


Thx.