This discussion is archived
2 Replies Latest reply: Jul 18, 2010 11:25 PM by 843810

Kerberos & Java GSS (JGSS) - pre-authentication required

843810 Newbie

I've made some Linux VMs for a project:
krbsrv as Kerberos server
Client as Kerberos client

When I try to sign in from the client to the server with JAAS and JGSS, I have a little issue: error code 25, "Additional pre-authentication required".
It works properly because the LoginContext redoes the authentication with the PRE_AUTH, but in DEBUG mode I always see the same error/warning:

     cTime is Mon May 09 12:44:57 CEST 2022 1652093097000
     sTime is Sun Jul 18 15:25:47 CEST 2010 1279459547000
     suSec is 445405
     error code is 25
     error Message is Additional pre-authentication required
     eData provided.
     msgType is 30

Pre-Authentication Data:
     PA-DATA type = 2

Pre-Authentication Data:
     PA-DATA type = 136

Pre-Authentication Data:
     PA-DATA type = 19
     PA-ETYPE-INFO2 etype = 18

Pre-Authentication Data:
     PA-DATA type = 13

Pre-Authentication Data:
     PA-DATA type = 133


The program works because it redoes the authentication with PREAUTH, but I want to know where I can set it to do PREAUTH first.
I have to deliver the project to my boss, so I must understand how to eliminate this warning. :D

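Here is the code of the login to Kerberos.
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

private void login(String username, String password) throws LoginException {
    // "Client" is the authentication type specified in the JAAS file jaas.conf.
    LoginContext loginCtx = new LoginContext("Client", new LoginCallbackHandler(username, password));

    // Run the authentication; getSubject() returns null until login() has succeeded.
    loginCtx.login();

    this.subject = loginCtx.getSubject();
}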

Client { required
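Here is the GSS code:
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.ietf.jgss.*;

private void initiateSecurityContext(String servicePrincipalName) throws GSSException {
    GSSManager manager = GSSManager.getInstance();

    // Kerberos principal name type (the OID string is truncated in the post).
    Oid krb5PrincipalNameType = new Oid("1.2.840.113554.");

    GSSName serverName = manager.createName(servicePrincipalName, krb5PrincipalNameType);

    // krb5Oid is not declared in this snippet; it is assumed to be a field holding the Kerberos v5 mechanism Oid.
    final GSSContext context = manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);

    // Request the service ticket with the credentials of the logged-in subject.
    this.serviceTicket = Subject.doAs(subject, new PrivilegedAction<byte[]>() {
        public byte[] run() {
            try {
                byte[] token = new byte[0];
                context.requestMutualAuth(false);
                context.requestCredDeleg(false);
                return context.initSecContext(token, 0, token.length);
            } catch (GSSException e) {
                return null;
            }
        }
    });
}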
Where can I set the PRE_AUTH option?
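
Error code 25 with msgType 30 is the KDC's normal first answer when pre-authentication is enforced (RFC 4120): it lists the pre-auth methods the client may use on the retry. As an added example (not part of the original post and not JDK code), this Python script parses those debug fields and flags only what deserves attention; `parse_krb_error`, `triage` and the embedded trace are constructed for illustration.

```python
import re

# Constructed sample: the KRB-ERROR fields copied from the debug trace in the post.
TRACE = """\
error code is 25
error Message is Additional pre-authentication required
msgType is 30
PA-DATA type = 2
PA-DATA type = 136
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18
PA-DATA type = 13
PA-DATA type = 133
"""

# Registry names (RFC 4120, RFC 6113); only the values seen in the trace.
PA_NAMES = {2: "PA-ENC-TIMESTAMP", 13: "PA-SAM-RESPONSE", 19: "PA-ETYPE-INFO2",
            133: "PA-FX-COOKIE", 136: "PA-FX-FAST"}
WEAK_ETYPES = {1, 2, 3, 23, 24}   # single-DES and RC4-HMAC encryption types
KRB_ERROR, PREAUTH_REQUIRED = 30, 25

def parse_krb_error(trace):
    """Extract the numeric fields of one KRB-ERROR from JGSS debug output."""
    def first(pattern):
        m = re.search(pattern, trace)
        return int(m.group(1)) if m else None
    return {
        "code": first(r"error code is (\d+)"),
        "msg_type": first(r"msgType is (\d+)"),
        "pa_types": [int(n) for n in re.findall(r"PA-DATA type = (\d+)", trace)],
        "etypes": [int(n) for n in re.findall(r"PA-ETYPE-INFO2 etype = (\d+)", trace)],
    }

def triage(trace):
    """Return (level, message) findings; 'info' means nothing to fix."""
    err, findings = parse_krb_error(trace), []
    if err["msg_type"] == KRB_ERROR and err["code"] == PREAUTH_REQUIRED:
        offered = [PA_NAMES.get(t, f"type {t}") for t in err["pa_types"]]
        if 2 in err["pa_types"]:
            findings.append(("info", "KDC enforces pre-auth, offers: " + ", ".join(offered)))
        else:
            findings.append(("warn", "pre-auth required but PA-ENC-TIMESTAMP not offered"))
    elif err["code"] is not None:
        findings.append(("warn", f"KRB-ERROR code {err['code']} is not a pre-auth request"))
    weak = sorted(set(err["etypes"]) & WEAK_ETYPES)
    if weak:
        findings.append(("warn", f"KDC advertises weak etypes {weak}"))
    return findings
```

For the trace in the post, `triage(TRACE)` returns a single `info` finding: the KDC asks for pre-authentication and advertises etype 18 (aes256-cts-hmac-sha1-96) only.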