0 Replies Latest reply: Oct 20, 2011 3:36 AM by 680524

Java could not get the TGT from cache in Linux client.

680524 Newbie
Dear friends,

I have set up the Kerberos server and OpenLDAP on RHEL5.5. I also have a RHEL6 machine as a client.
I have run my Java program using JAAS to query the OpenLDAP server from the Linux client.
1) I can query the OpenLDAP server if I copy the client's keytab to the client machine and use the following configuration options:
     principal=wpingli
     useKeyTab=true
     keyTab="/home/wpingli/ker/java/wpingli_new.keytab";
2) I can also query the OpenLDAP server if I am prompted to input the user/password.
This makes me believe that my environment is OK.
But I am not successful when I run the Java program after the kinit command.
klist wpingli
[wpingli@pli java]$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: wpingli@XX.COM

Valid starting Expires Service principal
10/20/11 16:18:06 10/21/11 16:18:02 krbtgt/XX.COM@XX.COM

JAAS configuration:
GssExampleSUN {
     com.sun.security.auth.module.Krb5LoginModule required
     client=true
     debug=true
     doNotPrompt=true
     useTicketCache=true
     ticketCache="/tmp/krb5cc_500";
};

Exception:
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is /tmp/krb5cc_500 isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
*[Krb5LoginModule] authentication failed*
Unable to obtain Princpal Name for authentication
Authentication attempt failedjavax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication

Does anyone have an idea about this problem?

Thanks,
Ricky
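
An added check, not part of the original post: the script below reads the default principal straight out of a FILE credential cache such as /tmp/krb5cc_500, so the cache can be confirmed readable and well-formed independently of the JVM when the login module reports "Principal is null". It handles only ccache format versions 0x0503 and 0x0504; the function names and the sample cache bytes are constructed for this example.

```python
import struct
import sys

def build_sample_ccache(principal="wpingli", realm="XX.COM"):
    """Constructed sample: v4 ccache header plus default principal, no credentials."""
    def counted(b):
        return struct.pack(">I", len(b)) + b
    header = struct.pack(">HHii", 1, 8, 0, 0)        # tag 1 (KDC time offset), 8 data bytes
    out = struct.pack(">HH", 0x0504, len(header)) + header
    comps = principal.encode().split(b"/")
    out += struct.pack(">II", 1, len(comps))         # name type 1 = NT-PRINCIPAL
    out += counted(realm.encode())
    return out + b"".join(counted(c) for c in comps)

def default_principal(data):
    """Return 'name@REALM' parsed from ccache bytes, or raise ValueError."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("cache truncated at offset %d" % pos)
        chunk = data[pos:pos + n]
        pos += n
        return chunk
    def u16():
        return struct.unpack(">H", take(2))[0]
    def u32():
        return struct.unpack(">I", take(4))[0]
    version = u16()
    if version not in (0x0503, 0x0504):
        raise ValueError("unsupported ccache version 0x%04x" % version)
    if version == 0x0504:
        take(u16())                                  # v4 only: skip the tagged header
    u32()                                            # name type, not needed here
    count = u32()
    if count > 16:
        raise ValueError("implausible component count %d" % count)
    realm = take(u32())
    comps = [take(u32()) for _ in range(count)]
    return b"/".join(comps).decode() + "@" + realm.decode()

if __name__ == "__main__":
    # With a path argument, parse that cache file; otherwise parse the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(default_principal(fh.read()))
    else:
        print(default_principal(build_sample_ccache()))
```

Run it as the same OS user that starts the Java program, passing the cache path as the only argument. A permission error or ValueError here points at the cache file itself rather than at the JAAS configuration.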
