Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Checksum failed and some newbie questiions

843810Mar 8 2007 — edited Mar 9 2007

Hi people,

I have tried the GSS-API without JAAS tutorial for java 1.5 at http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html with that config:

1) Environment config:
- JKD 1.5.0 update 11
- Windows XP pro against Active Directory on a Windows Server

2) The bcsLogin.conf jaas config file exactly as it appears in the tutorial

3) My krb5.conf file:

        [libdefaults]
                default_realm = MYCOMPANY.COM
                default_tkt_enctypes = rc4-hmac
                default_tgs_enctypes = rc4-hmac
        
        [realms]
                MYCOMPANY.COM = {
                        kdc = MYCOMPANY.COM
                        admin_server = MYCOMPANY.COM
                        default_domain = MYCOMPANY.COM
                }
        
        [domain_realm]
                MYCOMPANY = MYCOMPANY.COM

4) Parameters for the SampleServer program:
Program arguments
4444

VM arguments
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.krb5.conf=krb5.conf
-Djava.security.auth.login.config=bcsLogin.conf

5) Parameters for the SampleClient program:
Program arguments
krbtgt localhost 4444

VM arguments
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.krb5.conf=krb5.conf
-Djava.security.auth.login.config=bcsLogin.conf

After executing it I obtained the below checksum exception:

Checksum failed !
Exception in thread "main" java.lang.RuntimeException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
	at SampleServer.main(SampleServer.java:121)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
	at SampleServer.main(SampleServer.java:118)
Caused by: KrbException: Checksum failed
	at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
	at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
	at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:167)
	at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
	at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
	at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
	... 3 more
Caused by: java.security.GeneralSecurityException: Checksum failed
	at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:387)
	at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
	at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
	... 9 more

Apart from help for the exception itselft I have some questions:

1- For the SampleClient program I use krbtgt as the server name but I don�t know exactly why this works. Other values don�t work and I don�t know exactly what this server name is, who creates it, etc. I would be grateful for some explanation about it

2- I use the same username-password (mine) for authentication in the SampleServer and in the SampleClient, is that correct?

Thank you very much in advance.

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 6 2007

Added on Mar 8 2007

#kerberos-java-gss-jgss

3 comments

2,983 views