Java Security

GSSException: Failure unspecified at GSS-API level CheckSum Failed.

843810 (Apr 9 2008, edited May 19 2009)
Dear Listers,

I am following the examples that are on the JGSS website, as below:
http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part2.html

I am hitting a roadblock when executing the GssClient program.
The GssServer program works fine and it waits for the connection as follows:



C:\Documents and Settings\x_tadoor\Desktop\jaasacn\auth\Ex2>java -Djava.security.krb5.conf="krb5.conf" -Djava.security.auth.login.config=jaas-krb5.conf GssServer
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is sample.keytab refreshKrb5Config is false principal is x_tadoor tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal x_tadoor@NET.PLM.EDS.COM not available in sample.keytab
Kerberos password for x_tadoor:
[Krb5LoginModule] user entered username: x_tadoor


principal is x_tadoor@NET.PLM.EDS.COM
EncryptionKey: keyType=17 keyBytes (hex dump)=0000: D8 12 5C F0 4E C0 6F 2E CD
97 5B E5 3B 91 B2 9D ..\.N.o...[.;...


EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E2 21 94 7E F9 30 9D EF E1
E7 45 BC EB 83 5E DC .!...0....E...^.


EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 31 D3 BA 37 DA 40 FD 8F 37
29 F8 46 CE BA FD 3E 1..7.@..7).F...>
0010: 29 45 2F 3B 79 1C 86 FD
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: D3 0D B3 BA 0B 0D 68 25
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: D3 0D B3 BA 0B 0D 68 25
Added server's keyKerberos Principal x_tadoor@NET.PLM.EDS.COMKey Version 0key EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: D8 12 5C F0 4E C0 6F 2E CD 97 5B E5 3B 91 B2 9D ..\.N.o...[.;...



[Krb5LoginModule] added Krb5Principal x_tadoor@NET.PLM.EDS.COM to Subject
Added server's keyKerberos Principal x_tadoor@NET.PLM.EDS.COMKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: E2 21 94 7E F9 30 9D EF E1 E7 45 BC EB 83 5E DC .!...0....E...^.



[Krb5LoginModule] added Krb5Principal x_tadoor@NET.PLM.EDS.COM to Subject
Added server's keyKerberos Principal x_tadoor@NET.PLM.EDS.COMKey Version 0key EncryptionKey: keyType=16 keyBytes (hex dump)=
0000: 31 D3 BA 37 DA 40 FD 8F 37 29 F8 46 CE BA FD 3E 1..7.@..7).F...>
0010: 29 45 2F 3B 79 1C 86 FD


[Krb5LoginModule] added Krb5Principal x_tadoor@NET.PLM.EDS.COM to Subject
Added server's keyKerberos Principal x_tadoor@NET.PLM.EDS.COMKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: D3 0D B3 BA 0B 0D 68 25


[Krb5LoginModule] added Krb5Principal x_tadoor@NET.PLM.EDS.COM to Subject
Added server's keyKerberos Principal x_tadoor@NET.PLM.EDS.COMKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: D3 0D B3 BA 0B 0D 68 25


[Krb5LoginModule] added Krb5Principal x_tadoor@NET.PLM.EDS.COM to Subject
Commit Succeeded

Authenticated principal: [x_tadoor@NET.PLM.EDS.COM]
Waiting for incoming connection...


I launch another command prompt for the same and run the client:

The client runs and authenticates my login

C:\Documents and Settings\x_tadoor\Desktop\jaasacn\auth\Ex2\Client>java -Djava.security.krb5.conf="krb5.conf" -Djava.security.auth.login.config=jaas-krb5.conf GssClient host hyi3w224
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is x_tadoor tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Kerberos password for x_tadoor:
[Krb5LoginModule] user entered username: x_tadoor


Acquire TGT using AS Exchange
principal is x_tadoor@NET.PLM.EDS.COM
EncryptionKey: keyType=17 keyBytes (hex dump)=0000: D8 12 5C F0 4E C0 6F 2E CD
97 5B E5 3B 91 B2 9D ..\.N.o...[.;...


EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E2 21 94 7E F9 30 9D EF E1
E7 45 BC EB 83 5E DC .!...0....E...^.


EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 31 D3 BA 37 DA 40 FD 8F 37
29 F8 46 CE BA FD 3E 1..7.@..7).F...>
0010: 29 45 2F 3B 79 1C 86 FD
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: D3 0D B3 BA 0B 0D 68 25
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: D3 0D B3 BA 0B 0D 68 25
Commit Succeeded


Authenticated principal: [x_tadoor@NET.PLM.EDS.COM]
Connected to address hyi3w224/146.122.157.102
Exception in thread "main" java.security.PrivilegedActionException: java.net.SocketException: Connection reset
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:396)
    at Jaas.loginAndAction(Jaas.java:94)
    at GssClient.main(GssClient.java:97)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:168)
    at java.net.SocketInputStream.read(SocketInputStream.java:182)
    at java.io.DataInputStream.readInt(DataInputStream.java:370)
    at GssClient$GssClientAction.run(GssClient.java:190)
    ... 4 more



On the server side, the GssServer gets the connection from the client:

Got connection from client /146.122.157.102
Checksum failed !
Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:396)
    at Jaas.loginAndAction(Jaas.java:94)
    at GssServer.main(GssServer.java:87)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
    at GssServer$GssServerAction.run(GssServer.java:160)
    ... 4 more
Caused by: KrbException: Checksum failed
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
    at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
    at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
    at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
    at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
    ... 7 more
Caused by: java.security.GeneralSecurityException: Checksum failed
    at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
    at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
    ... 13 more

and the connection fails.

I would like to mention that I am on Windows XP Professional and am trying to authenticate the same with the ADS of my domain. I am pasting the KRB5.conf file details below.



#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)krb5.conf 1.3 04/03/25 SMI"
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#

[libdefaults]
    default_realm = NET.PLM.EDS.COM
    forwardable = true
    default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
    permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc

[realms]
    NET.PLM.EDS.COM = {
        kdc = inpndplm002
        kdc = ussvdplm001
        admin_server = inpndplm002
    }

[domain_realm]
    .net.plm.eds.com = NET.PLM.EDS.COM

[logging]
    default = c:\kdc.log
    kdc = c:\kdc.log
    kdc_rotate = {
        # How often to rotate kdc.log. Logs will get rotated no more
        # often than the period, and less often if the KDC is not used
        # frequently.
        period = 1d
        # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
        versions = 10
    }

[appdefaults]
    gkadmin = {
        help_url = http://localhost:8888/ab2/coll.384.1/SEAM
    }
    kinit = {
        renewable = true
        forwardable= true
    }
    rlogin = {
        forwardable= true
    }
    rsh = {
        forwardable= true
    }
    telnet = {
        autologin = true
        forwardable= true
    }

I have replaced the same in the KRB5.ini file under c:\windows of my machine.
I have checked the plain configuration of Part 1 and it works fine. I would really be grateful if anyone from the forum can help me out on the same.

I have also checked the code in the tutorials and it also works fine; I am getting this error only when I am performing this exercise. Please help me on the same!

Best Regards
Vilas



Locked on Jun 16 2009
Added on Apr 9 2008