0 Replies Latest reply: Oct 20, 2011 5:36 AM by 680524

    Java could not get the TGT from cache in Linux client.

    680524
      Dear friends,

      I have set up the Kerberos server and OpenLDAP in RHEL5.5. I also have a RHEL6 machine as a client.
      I have run my Java program using JAAS to query the OpenLDAP server from the Linux client.
      1) I can query the OpenLDAP server if I copy the client's keytab to the client machine and use the following configuration options:
      principal=wpingli
      useKeyTab=true
      keyTab="/home/wpingli/ker/java/wpingli_new.keytab";
      2) I can also query the OpenLDAP server if I am prompted to input the user/password.
      This makes me believe that my environment is OK.
      But I am not successful if I run the Java program after the kinit command.
      klist wpingli
      [wpingli@pli java]$ klist
      Ticket cache: FILE:/tmp/krb5cc_500
      Default principal: wpingli@XX.COM

      Valid starting Expires Service principal
      10/20/11 16:18:06 10/21/11 16:18:02 krbtgt/XX.COM@XX.COM

      jaas configuration
      GssExampleSUN{
      com.sun.security.auth.module.Krb5LoginModule required
      client=true
      debug=true
      doNotPrompt=true
      useTicketCache=true
      ticketCache="/tmp/krb5cc_500";
      };

      Exception:
      Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is /tmp/krb5cc_500 isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      Acquire TGT from Cache
      Principal is null
      null credentials from Ticket Cache
      *[Krb5LoginModule] authentication failed*
      Unable to obtain Princpal Name for authentication
      Authentication attempt failedjavax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication

      Does anyone have any idea about this problem?

      Thanks,
      Ricky