Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Error from sample JAAS client: Message stream modified (41)

843810Dec 31 2007 — edited Jan 2 2008
I am trying to follow the tutorial for JAAS Authentication located here:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html

I am trying to run the sample client JaasAcn.java but am getting a strange error when I try to log on to my Active Directory.

I am using Java version: jre1.6.0_03

I can login to Active Directory fine with the credentials I am providing, just not with this client, so I know the credentials are valid.

Here is the error I get that I don't understand. Any suggestions would be very helpful, if you provide help for this

The Error message is: [Krb5LoginModule] authentication failed
Message stream modified (41)

Here is the full output:

C:\Progra~1\Java\jre1.6.0_03\bin\java -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=PRSDev.local -Djava.security.krb5.kdc=192.168.40.72 -Djava.security.auth.login.config=jaas.conf JaasAcn

Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
lse principal is null tryFirstPass is false useFirstPass is false storePass is f
alse clearPass is false
Kerberos username [ILea]: sra
Kerberos password for sra:
[Krb5LoginModule] user entered username: sra

Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =
3, #bytes=144
KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes
=144
KrbKdcReq send: #bytes read=202
KrbKdcReq send: #bytes read=202
KDCRep: init() encoding tag is 126 req type is 11
KRBError:
sTime is Mon Dec 31 11:56:40 PST 2007 1199131000000
suSec is 884978
error code is 25
error Message is Additional pre-authentication required
realm is PRSDev.local
sname is krbtgt/PRSDev.local
eData provided.
msgType is 30
Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23
Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
Pre-Authentication Data:
PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Pre-Authentication: Set preferred etype = 23
KrbAsReq salt is PRSDev.localsra
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =
3, #bytes=210
KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes
=210
KrbKdcReq send: #bytes read=1182
KrbKdcReq send: #bytes read=1182
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
[Krb5LoginModule] authentication failed
Message stream modified (41)
Authentication failed:
Message stream modified (41)
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jan 30 2008
Added on Dec 31 2007
#kerberos-java-gss-jgss
3 comments
1,841 views