preauthentication failed whit gssapi kerberos authentication
843811Nov 18 2004 — edited Jun 28 2006Hello,
I am trying to authenticate whit kerberos, but I keep on running in to the same problem.
kinit and other kerberos utils work. But when I am trying to authenticat whit my own java code I get a preauthentication error:
***Trace:
[java] default etypes for default_tkt_enctypes: 16 1.
[java] default etypes for default_tkt_enctypes: 16 1.
[java] >>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
[java] >>> KrbAsReq calling createMessage
[java] >>> KrbAsReq in createMessage
[java] >>> KrbKdcReq send: kdc=tower.mivz.spugium.net UDP:88, timeout=30000, number ofretries =3, #bytes=230
[java] >>> KDCCommunication: kdc=tower.mivz.spugium.net UDP:88, timeout=30000,Attempt =1, #bytes=230
[java] >>> KrbKdcReq send: #bytes read=193
[java] >>> KrbKdcReq send: #bytes read=193
[java] >>> KDCRep: init() encoding tag is 126 req type is 11
[java] >>>KRBError:
[java] cTime is Sat Nov 20 02:23:05 CET 2004 1100913785000
[java] sTime is Fri Nov 19 03:32:50 CET 2004 1100831570000
[java] suSec is 750731
[java] error code is 24
[java] error Message is Pre-authentication information was invalid
[java] crealm is MIVZ.SPUGIUM.NET
[java] cname is root
[java] realm is MIVZ.SPUGIUM.NET
[java] sname is krbtgt/MIVZ.SPUGIUM.NET
[java] etext is Preauthentication failed
[java] Kerberos password for root@MIVZ.SPUGIUM.NET: Unexpected Exception - unable to continue
[java] javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - Preauthentication failed
[java] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
[java] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at java.lang.reflect.Method.invoke(Method.java:585)
[java] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
[java] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
[java] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
[java] at java.security.AccessController.doPrivileged(Native Method)
[java] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[java] at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
[java] at org.spugium.spine.plug.webadmin.Login.main(Login.java:166)
[java] Caused by: KrbException: Pre-authentication information was invalid (24) - Preauthentication failed
[java] at sun.security.krb5.KrbAsRep.<init>(DashoA12275:67)
[java] at sun.security.krb5.KrbAsReq.getReply(DashoA12275:345)
[java] at sun.security.krb5.Credentials.acquireTGT(DashoA12275:370)
[java] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
[java] ... 12 more
[java] Caused by: KrbException: Identifier doesn't match expected value (906)
[java] at sun.security.krb5.internal.ah.a(DashoA12275:133)
[java] at sun.security.krb5.internal.av.a(DashoA12275:58)
[java] at sun.security.krb5.internal.av.<init>(DashoA12275:53)
[java] at sun.security.krb5.KrbAsRep.<init>(DashoA12275:50)
[java] ... 15 more
[java] Java Result: 255
***krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = MIVZ.SPUGIUM.NET
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
MIVZ.SPUGIUM.NET = {
kdc = tower.mivz.spugium.net:88
admin_server = tower.mivz.spugium.net:749
}
[domain_realm]
.mivz.spugium.net = MIVZ.SPUGIUM.NET
mivz.spugium.net = MIVZ.SPUGIUM.NET
***csLogin.conf`
org.spugium.spine.plug.webadmin.Webadmin {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true principal="root@MIVZ.SPUGIUM.NET";
};
***System.propertys:
System.setProperty("java.security.krb5.conf","/etc/krb5.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("javax.security.auth.useTicketCache", "true");
System.setProperty("java.security.auth.login.config", "csLogin.conf");
System.setProperty("sun.security.krb5.debug", "true");
Could someone help me whit a hint?
Thank you,
Harrie Hoogeveen