Hi,
I've set up some Linux VMs for a project:
krbsrv as Kerberos server
Client as Kerberos client
When I try to sign in from the client to the server with JAAS and JGSS, I have a little issue: error code 25, "Additional pre-authentication required".
It works properly because the LoginContext redoes the authentication with the PRE_AUTH, but in DEBUG mode I always see the same error/warning:
KRBError:
cTime is Mon May 09 12:44:57 CEST 2022 1652093097000
sTime is Sun Jul 18 15:25:47 CEST 2010 1279459547000
suSec is 445405
error code is 25
error Message is Additional pre-authentication required
eData provided.
msgType is 30
Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
Pre-Authentication Data:
PA-DATA type = 136
Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18
Pre-Authentication Data:
PA-DATA type = 13
Pre-Authentication Data:
PA-DATA type = 133
KRBError received: NEEDED_PREAUTH
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
The program works because it redoes the authentication with PREAUTH, but I want to know where I can set it to do PREAUTH first.
I have to deliver the project to my boss, so I must understand how to eliminate this warning. :D
Here is the code for the login to Kerberos:
    private void login(String username, String password) throws LoginException
    {
        LoginContext loginCtx = null;
        // "Client" is the authentication type specified in the JAAS file jaas.conf.
        loginCtx = new LoginContext("Client", new LoginCallbackHandler(username, password));
        loginCtx.login();
        this.subject = loginCtx.getSubject();
    }
JAAS.CONF:
    Client {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=false;
    };
Here is the GSS code:
    private void initiateSecurityContext(String servicePrincipalName) throws GSSException
    {
        GSSManager manager = GSSManager.getInstance();
        // Kerberos V5 principal name type (GSS_KRB5_NT_PRINCIPAL_NAME).
        Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
        GSSName serverName = manager.createName(servicePrincipalName, krb5PrincipalNameType);
        // krb5Oid is not declared in this snippet; presumably a field holding the
        // Kerberos V5 mechanism OID (1.2.840.113554.1.2.2).
        final GSSContext context = manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
        // Run as the logged-in subject so the context can use its Kerberos credentials.
        this.serviceTicket = Subject.doAs(subject, new PrivilegedAction<byte[]>()
        {
            public byte[] run()
            {
                try
                {
                    byte[] token = new byte[0];
                    context.requestMutualAuth(false);
                    context.requestCredDeleg(false);
                    return context.initSecContext(token, 0, token.length);
                }
                catch (GSSException e)
                {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }
Where can I set the PRE_AUTH option?
Thx.
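
Added example (not part of the original post, and not code from the JDK): a Python triage of the debug output shown above. In the Kerberos AS exchange (RFC 4120), a KDC that requires pre-authentication answers an AS-REQ carrying none with error 25 plus PA-DATA hints, and the client then retries; the script separates that expected leg from real failures such as error 24. The function names and the second sample block are constructed for illustration.

```python
import re

# Names from RFC 4120 / RFC 6113; only the values this example needs.
PA_TYPES = {2: "PA-ENC-TIMESTAMP", 19: "PA-ETYPE-INFO2",
            133: "PA-FX-COOKIE", 136: "PA-FX-FAST"}
ERRORS = {6: "C_PRINCIPAL_UNKNOWN", 24: "PREAUTH_FAILED", 37: "CLOCK_SKEW"}

def parse_krb_errors(log):
    """Return one record per 'KRBError:' block in JDK Kerberos debug output."""
    events = []
    for block in re.split(r"^\s*KRBError:\s*$", log, flags=re.M)[1:]:
        code = re.search(r"error code is (\d+)", block)
        if code:
            events.append({
                "code": int(code.group(1)),
                "pa_types": [int(t) for t in re.findall(r"PA-DATA type = (\d+)", block)],
                "resent": "re-send AS-REQ" in block,  # logged when the client retries
            })
    return events

def classify(event):
    """Return (verdict, reason) for one KRBError record."""
    if event["code"] == 25 and event["resent"]:
        hints = ", ".join(PA_TYPES.get(t, str(t)) for t in event["pa_types"])
        return "expected", "KDC offered %s; client retried" % hints
    if event["code"] == 25:
        return "investigate", "PREAUTH_REQUIRED with no retry logged"
    return "failure", ERRORS.get(event["code"], "code %d" % event["code"])

def triage(log):
    return [classify(e) for e in parse_krb_errors(log)]

# Constructed sample: shortened block from the post, then a constructed code-24 error.
SAMPLE = """
KRBError:
error code is 25
error Message is Additional pre-authentication required
PA-DATA type = 2
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18
KRBError received: NEEDED_PREAUTH
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
KRBError:
error code is 24
error Message is Pre-authentication information was invalid
"""
if __name__ == "__main__":
    for verdict, reason in triage(SAMPLE):
        print(verdict, "-", reason)
```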