Java Security

Currently I'm finalizing my test implementation of the JAAS/GSS implementation (via Tutorial). One thing I seam to be suck on right now is having the server-side/service authenticate (as a service with krb5/SEAM) with a given principal using its entry in krb5.keytab. The impression I'm getting is that Krb5LoginModule doesn't read the keytab file -- i.e. to read the key/password from.

However; if doNotPrompt is set FALSE, then the server stops and prompts for my password via console. After entering the password<return> the client/server do successfully establish and finalize their context. with doNotPrompt set to True the problem persists with the module not able to retriev the key from krb5.keytab. One more important aspect: The error occurs, regardless of the principal is listed in the keytab, or not!

any thoughts or hints along that line? What am I missing. I've exhausted my resources. I'm dying for for help her!!! God help! :c)


1. following is what I've configured in my JAAS.conf file.

.....
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
useKeyTab=true
keyTab="/etc/krb5/krb5.keytab"
principal=tester
storeKey=true
doNotPrompt=true
debug=true;
};


2. following is the stacktrace on the server side ("Unable to obtain password from user")

Created Context for Server (GSSCredentail)null
context is: sun.security.jgss.GSSContextImpl@f0eed6
context is: null
context.notYetEstblished
Will read input token of size 475 for processing by acceptSecContext
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is /etc/krb5/krb5.keytab principal is tester tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal tester@DOMAIN.COM not available in /etc/krb5/krb5.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

Exception in thread "main" GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:277)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at doc.samples.server.SampleServer.main(SampleServer.java:118)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:661)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:552)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:458)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
... 9 more
csh_default13: