0 Replies Latest reply: May 18, 2012 8:44 AM by 938274 RSS

    Caching krb5 service tickets

    938274
      My JAVA client uses SPNEGO authentication and gets a service ticket for a service.
      From log and also examining sniffer captures, I see that it is able to get TGT from LSA cache (client OS is XP), but never gets service ticket from it.
      It sends TGS_REQ everytime, with a noticeable performance effect.
      Is there any way to force Java to store and get service tickets from LSA?
      Following is the debug output:

      <pre>
      Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      Acquire TGT from Cache
      KinitOptions cache name is C:\Documents and Settings\n842865\krb5cc_n842865
      Acquire default native Credentials
      Obtained TGT from LSA: Credentials:
      client=N842865@UTENZE.BANKIT.IT
      server=krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT
      authTime=20120518133027Z
      startTime=20120518133027Z
      endTime=20120518233027Z
      renewTill=20120525133027Z
      flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
      EType (int): 23
      Principal is N842865@UTENZE.BANKIT.IT
      Commit Succeeded

      Found ticket for N842865@UTENZE.BANKIT.IT to go to krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT expiring on Sat May 19 01:30:27 CEST 2012
      Entered Krb5Context.initSecContext with state=STATE_NEW
      Found ticket for N842865@UTENZE.BANKIT.IT to go to krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT expiring on Sat May 19 01:30:27 CEST 2012
      Service ticket not found in the subject
      Credentials acquireServiceCreds: same realm
      default etypes for default_tgs_enctypes: 1 3 23 16.
      CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
      EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      KrbKdcReq send: kdc=ESLQ334.UTENZE.BANKIT.IT UDP:88, timeout=30000, number of retries =3, #bytes=1459
      KDCCommunication: kdc=ESLQ334.UTENZE.BANKIT.IT UDP:88, timeout=30000,Attempt =1, #bytes=1459
      KrbKdcReq send: #bytes read=1400
      KrbKdcReq send: #bytes read=1400
      KdcAccessibility: remove ESLQ334.UTENZE.BANKIT.IT:88
      EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      KrbApReq: APOptions are 00100000 00000000 00000000 00000000
      EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
      crc32: 72b9583c
      crc32: 1110010101110010101100000111100
      Krb5Context setting mySeqNumber to: 607682571
      Created InitSecContextToken:
      0000: 01 00 6E 82 05 14 30 82 05 10 A0 03 02 01 05 A1 ..n...0.........
      0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 04 ......... ......
      0020: 48 61 82 04 44 30 82 04 40 A0 03 02 01 05 A1 12 Ha..D0..@.......
      0030: 1B 10 55 54 45 4E 5A 45 2E 42 41 4E 4B 49 54 2E ..UTENZE.BANKIT.
      0040: 49 54 A2 2E 30 2C A0 03 02 01 00 A1 25 30 23 1B IT..0,......%0#.
      0050: 04 68 6F 73 74 1B 1B 73 70 6F 72 74 65 6C 6C 6F .host..sportello
      0060: 2D 63 6F 6C 6C 2E 61 63 2E 62 61 6E 6B 69 74 2E -coll.ac.bankit.
      0070: 69 74 A3 82 03 F3 30 82 03 EF A0 03 02 01 17 A1 it....0.........
      0080: 03 02 01 06 A2 82 03 E1 04 82 03 DD D3 52 47 66 .............RGf
      0090: 7F F2 FA B3 6A 0B 35 9B A3 92 2C A6 19 E8 4E 2B ....j.5...,...N+
      00A0: C5 13 1B B6 1D C3 04 5B FE B2 C7 88 22 B3 68 70 .......[....".hp
      00B0: FC 86 48 D9 C1 02 F7 78 06 5D FA 13 BC 49 E4 7B ..H....x.]...I..
      00C0: D0 6E 67 BE 16 BF 50 9B EE FF AA 9F 8E 0E 33 71 .ng...P.......3q
      00D0: BF C8 23 E3 12 E1 68 0C 9E C1 6F BF A5 56 92 7C ..#...h...o..V..
      00E0: 1D 3A 4A AE 1E 8D 6B FB FB AF 45 37 98 41 99 D8 .:J...k...E7.A..
      00F0: BC 2F E2 D6 D1 77 5B A5 B0 4D 80 42 74 21 D7 6F ./...w[..M.Bt!.o
      0100: AE 1C 9F B1 8A 32 ED F9 DD B1 86 67 C2 C4 36 10 .....2.....g..6.
      0110: 37 C9 28 2D 08 D4 01 CF E3 EA F6 3E 10 57 F7 44 7.(-.......>.W.D
      0120: 10 AD 91 C8 6A F7 30 40 FC 45 B1 C4 5C C9 BB D5 ....j.0@.E..\...
      0130: 1F 08 1F 5B C2 F2 44 49 BC 27 8D D4 92 2C 1E 84 ...[..DI.'...,..
      0140: CC E3 3C F3 68 E3 06 72 4A 9F 06 4D 0B CD 1F E0 ..<.h..rJ..M....
      0150: 19 66 D5 93 48 C9 BB C8 A5 18 D0 FF 52 DE 41 B4 .f..H.......R.A.
      0160: F6 5B E3 B7 13 5B 87 94 73 C7 C2 32 E3 E0 8F F3 .[...[..s..2....
      0170: 9A 57 93 A8 C8 DF CC DD C0 04 E0 E2 5B 85 5E 74 .W..........[.^t
      0180: C9 37 6C 00 B4 6C B6 F7 1B C1 92 27 ED 40 D7 78 .7l..l.....'.@.x
      0190: 67 3E 2D 8F 2C 31 DC 6D 34 21 76 63 1A C9 96 95 g>-.,1.m4!vc....
      01A0: 53 C7 EC 46 E3 92 09 10 2D EB 97 4D 85 EA B5 71 S..F....-..M...q
      01B0: 6E FB D6 50 A3 9A D0 63 47 B4 9B D9 96 2E E6 A9 n..P...cG.......
      01C0: AD C7 72 00 A6 FD 7C 6A 38 23 44 9B 34 64 94 FA ..r....j8#D.4d..
      01D0: 3D 3F 7D FD 67 C0 18 56 D8 82 35 8C 6A E5 3B D8 =?..g..V..5.j.;.
      01E0: 9F 34 8C 78 31 46 58 9C 7B 12 C8 C0 10 0A 90 72 .4.x1FX........r
      01F0: 41 74 96 E2 79 FC A0 3E 37 FE 2A 0F 98 AA FA 97 At..y..>7.*.....
      0200: 47 F5 D9 EA 15 11 93 22 63 A0 21 BA ED CE B4 EE G......"c.!.....
      0210: 18 A1 AD C1 94 60 F3 F0 57 49 BD 0A D4 9E 95 C8 .....`..WI......
      0220: EC 4E 42 31 2A 09 A8 60 57 C8 F0 CA 5B 83 C4 8F .NB1*..`W...[...
      0230: EA 87 C7 0A A5 E2 66 29 D0 36 33 05 C9 42 98 4E ......f).63..B.N
      0240: 11 8D F4 FD 9C 8A 7D 18 C3 36 80 79 3F 29 FD C7 .........6.y?)..
      0250: CF 12 E1 F7 0A 20 B4 E2 24 4D A7 84 1A 81 5E 7B ..... ..$M....^.
      0260: AC 24 AA 51 12 41 DC 5E 34 0B 8E 1B B6 C9 86 34 .$.Q.A.^4......4
      0270: 07 41 E9 41 4A 29 6C 56 5A 92 62 A8 86 79 2E E2 .A.AJ)lVZ.b..y..
      0280: 50 5E 7C 3F C8 C6 3C 2E 0D A7 5A F6 50 B0 96 EA P^.?..<...Z.P...
      0290: A2 2D D7 21 32 47 88 F5 80 33 CD 5B E9 03 13 DE .-.!2G...3.[....
      02A0: C7 52 55 00 55 AC B6 34 48 55 18 33 8C 9B 17 0E .RU.U..4HU.3....
      02B0: 1B 07 09 C1 58 3B 86 E2 AF BC B5 2D A4 D2 21 FF ....X;.....-..!.
      02C0: B2 2C A8 96 18 FA 53 0B 90 FE F8 DA A1 09 0E F1 .,....S.........
      02D0: BD BE 20 34 8D 41 4C B2 FD EA EC F7 17 4D 46 60 .. 4.AL......MF`
      02E0: 57 7C E9 84 58 9B AE E3 90 1E BB CD 86 FA ED 60 W...X..........`
      02F0: 29 B1 C0 16 22 D5 22 E4 5D 36 EA 6A 3B 83 B8 9A )...".".]6.j;...
      0300: A6 43 D8 88 29 03 34 AE 32 31 FC DD D9 D1 A7 9D .C..).4.21......
      0310: 4B 56 09 9C 4D 94 D1 C2 BA 11 DE 42 46 12 46 1F KV..M......BF.F.
      0320: 12 10 C0 3D 52 EB 40 71 F7 E6 68 E6 53 18 FB E3 ...=R.@q..h.S...
      0330: 93 90 0C 6F CD 0D 72 DD E1 7C C6 4D BD 47 EC 69 ...o..r....M.G.i
      0340: 8D 12 AE A2 39 25 DD 9E C8 63 54 A3 14 DA F8 8A ....9%...cT.....
      0350: 73 11 9F C6 73 CF 84 99 49 5F BE AB 03 F5 B2 78 s...s...I_.....x
      0360: 40 41 34 C0 B5 4D D9 12 3B 8D CF 07 10 91 D5 C0 @A4..M..;.......
      0370: 17 8D 73 5D B7 C9 32 1F 24 E5 C4 74 83 82 65 26 ..s]..2.$..t..e&
      0380: 7B 6E 90 78 A6 30 2E 88 B1 02 CF B7 9D 09 DF EE .n.x.0..........
      0390: 6B 9F 20 A8 2E 1D 2D D7 42 71 C0 6A E0 21 EF D0 k. ...-.Bq.j.!..
      03A0: 2C 47 AF C2 55 A6 DB C1 6A 9D 6B 32 61 CD B4 82 ,G..U...j.k2a...
      03B0: 66 80 76 23 D2 DD 9D EB CB 9C 7C B8 AE 8F 69 9D f.v#..........i.
      03C0: C8 8C E8 4A AC CF CF DE 9A B5 10 DB 41 BA 9D F9 ...J........A...
      03D0: CB C4 32 5A C7 50 1A 8F 6E 5B 8C 24 3A 26 BD 2E ..2Z.P..n[.$:&..
      03E0: BC A9 E4 37 14 CA 56 8B AC B9 59 35 F6 DC E0 AA ...7..V...Y5....
      03F0: EC A4 CC 8E 04 7F 3C 5B B2 F0 35 BF 74 0F F5 71 ......<[..5.t..q
      0400: F8 A7 C1 72 56 56 4D 59 C8 4C B4 FD 81 E8 98 D5 ...rVVMY.L......
      0410: 51 1B E3 94 94 99 46 AF 10 C0 9D 71 37 9D F2 45 Q.....F....q7..E
      0420: B2 8D 77 35 4D 87 BA 77 A1 F6 44 BE 85 6D 43 9E ..w5M..w..D..mC.
      0430: 8B 0A 34 1B 8F D3 4A CF 76 99 B2 A2 C7 32 30 A9 ..4...J.v....20.
      0440: AD F9 97 FC 3D C7 4E D8 82 8A 3D 1D 2A A1 89 20 ....=.N...=.*..
      0450: 23 1E 63 2B 50 0B F9 D1 41 08 2D 37 0E 16 70 84 #.c+P...A.-7..p.
      0460: 8C 52 6D FB 0D 9D 8F 22 26 A4 81 AE 30 81 AB A0 .Rm...."&...0...
      0470: 03 02 01 01 A2 81 A3 04 81 A0 3D 8B 6C 95 87 91 ..........=.l...
      0480: 27 41 33 FE C9 8F 71 A9 D1 EE 2C 42 AC F5 D9 CC 'A3...q...,B....
      0490: B7 91 2A F2 79 EE F0 94 7F F8 D3 D3 53 0B 26 DC ..*.y.......S.&.
      04A0: 1E 10 47 04 33 C8 58 1C B9 30 69 86 9D FD 16 8F ..G.3.X..0i.....
      04B0: 87 B5 19 FA 24 4A 88 68 58 7D B1 DE 69 01 45 B4 ....$J.hX...i.E.
      04C0: E7 D1 03 E4 3A CD 65 19 6C F7 94 47 10 B1 0F B2 ....:.e.l..G....
      04D0: 65 60 3A 87 9F DA 3C 9C 63 4B C0 7E 3D 91 98 9E e`:...<.cK..=...
      04E0: E6 7D 89 FE E5 DE 87 1C F8 B4 B5 CD FB 42 3D 35 .............B=5
      04F0: 37 23 41 60 9C 23 53 68 28 A2 73 D1 10 66 03 D3 7#A`.#Sh(.s..f..
      0500: 5A C5 FC FE 01 BB 41 4C 3F 51 92 A6 44 05 B4 15 Z.....AL?Q..D...
      0510: DA 6F 94 E8 E8 41 F5 19 D9 BA .o...A....

      Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
      EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
      crc32: a50207fa
      crc32: 10100101000000100000011111111010
      Krb5Context setting peerSeqNumber to: 869014942
                [Krb5LoginModule]: Entering logout
                [Krb5LoginModule]: logged out Subject
      </pre>