Dear All
I have exactly the same problem as descripted in this thread:
http://forums.sun.com/thread.jspa?threadID=5284122&tstart=45
However, the solution there did not help me.
Here is my setup:
jass-krb5.conf:
client {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
useTicketCache=true
principal="myaccount";
};
server {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
useKeyTab=true
storeKey=true
keyTab=my.keytab
principal="host/mymachine.corpnet.mycorp.com"
isInitiator=false;
};
krb5.ini was defined as following:
[libdefaults]
default_realm = CORPNET.MYCORP.COM
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
CORPNET.MYCORP.COM = {
kdc = mykdc.corpnet.mycorp.com
default_domain = CORPNET.MYCORP.COM
}
[domain_realm]
.CORPNET.MYCORP.COM = CORPNET.MYCORP.COM
The sample from http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part1.html was running very well.
So I'd assum all the setup was fine.
But I got the following exception no matter how I treaked it.
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Checksum failed !
Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism le
vel: Checksum failed)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at Jaas.loginAndAction(Jaas.java:106)
at GssServer.main(GssServer.java:86)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at GssServer$GssServerAction.run(GssServer.java:159)
... 4 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
at sun.security.krb5.KrbApReq.<init>(Unknown Source)
at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
... 8 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(Unknown Source)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(Unknown Source)
... 14 more
By the way, my SPN was added by my AD admin using setspn command.
When I tried with ktpass, it already gave me error.
My keytab file was created using ktab.exe from JRE 1.6.
Any insight about the error?
Thanks in advance.
Allen