2 Replies Latest reply: Mar 24, 2010 4:07 PM by 843810 RSS

    java.security.GeneralSecurityException: Checksum failed  for GssServer

    843810
      Dear All


      I have exactly the same problem as descripted in this thread:
      http://forums.sun.com/thread.jspa?threadID=5284122&tstart=45
      However, the solution there did not help me.

      Here is my setup:
      jass-krb5.conf:

      client {
      com.sun.security.auth.module.Krb5LoginModule required
      debug=true
      useTicketCache=true
      principal="myaccount";
      };

      server {
      com.sun.security.auth.module.Krb5LoginModule required
      debug=true
      useKeyTab=true
      storeKey=true
      keyTab=my.keytab
      principal="host/mymachine.corpnet.mycorp.com"
      isInitiator=false;
      };


      krb5.ini was defined as following:
      [libdefaults]
      default_realm = CORPNET.MYCORP.COM
      default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
      default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
      permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc

      [realms]
      CORPNET.MYCORP.COM = {
      kdc = mykdc.corpnet.mycorp.com
      default_domain = CORPNET.MYCORP.COM
      }

      [domain_realm]
      .CORPNET.MYCORP.COM = CORPNET.MYCORP.COM


      The sample from http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part1.html was running very well.
      So I'd assum all the setup was fine.

      But I got the following exception no matter how I treaked it.
      EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      Checksum failed !
      Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism le
      vel: Checksum failed)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Unknown Source)
      at Jaas.loginAndAction(Jaas.java:106)
      at GssServer.main(GssServer.java:86)
      Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
      at GssServer$GssServerAction.run(GssServer.java:159)
      ... 4 more
      Caused by: KrbException: Checksum failed
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
      at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
      at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
      at sun.security.krb5.KrbApReq.<init>(Unknown Source)
      at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
      ... 8 more
      Caused by: java.security.GeneralSecurityException: Checksum failed
      at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(Unknown Source)
      at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(Unknown Source)
      ... 14 more
      By the way, my SPN was added by my AD admin using setspn command.
      When I tried with ktpass, it already gave me error.
      My keytab file was created using ktab.exe from JRE 1.6.

      Any insight about the error?
      Thanks in advance.
      Allen