Skip to Main Content
Forums

Java Security

Caching krb5 service tickets

938274May 18 2012
My JAVA client uses SPNEGO authentication and gets a service ticket for a service.
From log and also examining sniffer captures, I see that it is able to get TGT from LSA cache (client OS is XP), but never gets service ticket from it.
It sends TGS_REQ everytime, with a noticeable performance effect.
Is there any way to force Java to store and get service tickets from LSA?
Following is the debug output:

<pre>
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
KinitOptions cache name is C:\Documents and Settings\n842865\krb5cc_n842865
Acquire default native Credentials
Obtained TGT from LSA: Credentials:
client=N842865@UTENZE.BANKIT.IT
server=krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT
authTime=20120518133027Z
startTime=20120518133027Z
endTime=20120518233027Z
renewTill=20120525133027Z
flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
EType (int): 23
Principal is N842865@UTENZE.BANKIT.IT
Commit Succeeded

Found ticket for N842865@UTENZE.BANKIT.IT to go to krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT expiring on Sat May 19 01:30:27 CEST 2012
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for N842865@UTENZE.BANKIT.IT to go to krbtgt/UTENZE.BANKIT.IT@UTENZE.BANKIT.IT expiring on Sat May 19 01:30:27 CEST 2012
Service ticket not found in the subject
Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 1 3 23 16.
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbKdcReq send: kdc=ESLQ334.UTENZE.BANKIT.IT UDP:88, timeout=30000, number of retries =3, #bytes=1459
KDCCommunication: kdc=ESLQ334.UTENZE.BANKIT.IT UDP:88, timeout=30000,Attempt =1, #bytes=1459
KrbKdcReq send: #bytes read=1400
KrbKdcReq send: #bytes read=1400
KdcAccessibility: remove ESLQ334.UTENZE.BANKIT.IT:88
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbApReq: APOptions are 00100000 00000000 00000000 00000000
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: 72b9583c
crc32: 1110010101110010101100000111100
Krb5Context setting mySeqNumber to: 607682571
Created InitSecContextToken:
0000: 01 00 6E 82 05 14 30 82 05 10 A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 04 ......... ......
0020: 48 61 82 04 44 30 82 04 40 A0 03 02 01 05 A1 12 Ha..D0..@.......
0030: 1B 10 55 54 45 4E 5A 45 2E 42 41 4E 4B 49 54 2E ..UTENZE.BANKIT.
0040: 49 54 A2 2E 30 2C A0 03 02 01 00 A1 25 30 23 1B IT..0,......%0#.
0050: 04 68 6F 73 74 1B 1B 73 70 6F 72 74 65 6C 6C 6F .host..sportello
0060: 2D 63 6F 6C 6C 2E 61 63 2E 62 61 6E 6B 69 74 2E -coll.ac.bankit.
0070: 69 74 A3 82 03 F3 30 82 03 EF A0 03 02 01 17 A1 it....0.........
0080: 03 02 01 06 A2 82 03 E1 04 82 03 DD D3 52 47 66 .............RGf
0090: 7F F2 FA B3 6A 0B 35 9B A3 92 2C A6 19 E8 4E 2B ....j.5...,...N+
00A0: C5 13 1B B6 1D C3 04 5B FE B2 C7 88 22 B3 68 70 .......[....".hp
00B0: FC 86 48 D9 C1 02 F7 78 06 5D FA 13 BC 49 E4 7B ..H....x.]...I..
00C0: D0 6E 67 BE 16 BF 50 9B EE FF AA 9F 8E 0E 33 71 .ng...P.......3q
00D0: BF C8 23 E3 12 E1 68 0C 9E C1 6F BF A5 56 92 7C ..#...h...o..V..
00E0: 1D 3A 4A AE 1E 8D 6B FB FB AF 45 37 98 41 99 D8 .:J...k...E7.A..
00F0: BC 2F E2 D6 D1 77 5B A5 B0 4D 80 42 74 21 D7 6F ./...w[..M.Bt!.o
0100: AE 1C 9F B1 8A 32 ED F9 DD B1 86 67 C2 C4 36 10 .....2.....g..6.
0110: 37 C9 28 2D 08 D4 01 CF E3 EA F6 3E 10 57 F7 44 7.(-.......>.W.D
0120: 10 AD 91 C8 6A F7 30 40 FC 45 B1 C4 5C C9 BB D5 ....j.0@.E..\...
0130: 1F 08 1F 5B C2 F2 44 49 BC 27 8D D4 92 2C 1E 84 ...[..DI.'...,..
0140: CC E3 3C F3 68 E3 06 72 4A 9F 06 4D 0B CD 1F E0 ..<.h..rJ..M....
0150: 19 66 D5 93 48 C9 BB C8 A5 18 D0 FF 52 DE 41 B4 .f..H.......R.A.
0160: F6 5B E3 B7 13 5B 87 94 73 C7 C2 32 E3 E0 8F F3 .[...[..s..2....
0170: 9A 57 93 A8 C8 DF CC DD C0 04 E0 E2 5B 85 5E 74 .W..........[.^t
0180: C9 37 6C 00 B4 6C B6 F7 1B C1 92 27 ED 40 D7 78 .7l..l.....'.@.x
0190: 67 3E 2D 8F 2C 31 DC 6D 34 21 76 63 1A C9 96 95 g>-.,1.m4!vc....
01A0: 53 C7 EC 46 E3 92 09 10 2D EB 97 4D 85 EA B5 71 S..F....-..M...q
01B0: 6E FB D6 50 A3 9A D0 63 47 B4 9B D9 96 2E E6 A9 n..P...cG.......
01C0: AD C7 72 00 A6 FD 7C 6A 38 23 44 9B 34 64 94 FA ..r....j8#D.4d..
01D0: 3D 3F 7D FD 67 C0 18 56 D8 82 35 8C 6A E5 3B D8 =?..g..V..5.j.;.
01E0: 9F 34 8C 78 31 46 58 9C 7B 12 C8 C0 10 0A 90 72 .4.x1FX........r
01F0: 41 74 96 E2 79 FC A0 3E 37 FE 2A 0F 98 AA FA 97 At..y..>7.*.....
0200: 47 F5 D9 EA 15 11 93 22 63 A0 21 BA ED CE B4 EE G......"c.!.....
0210: 18 A1 AD C1 94 60 F3 F0 57 49 BD 0A D4 9E 95 C8 .....`..WI......
0220: EC 4E 42 31 2A 09 A8 60 57 C8 F0 CA 5B 83 C4 8F .NB1*..`W...[...
0230: EA 87 C7 0A A5 E2 66 29 D0 36 33 05 C9 42 98 4E ......f).63..B.N
0240: 11 8D F4 FD 9C 8A 7D 18 C3 36 80 79 3F 29 FD C7 .........6.y?)..
0250: CF 12 E1 F7 0A 20 B4 E2 24 4D A7 84 1A 81 5E 7B ..... ..$M....^.
0260: AC 24 AA 51 12 41 DC 5E 34 0B 8E 1B B6 C9 86 34 .$.Q.A.^4......4
0270: 07 41 E9 41 4A 29 6C 56 5A 92 62 A8 86 79 2E E2 .A.AJ)lVZ.b..y..
0280: 50 5E 7C 3F C8 C6 3C 2E 0D A7 5A F6 50 B0 96 EA P^.?..<...Z.P...
0290: A2 2D D7 21 32 47 88 F5 80 33 CD 5B E9 03 13 DE .-.!2G...3.[....
02A0: C7 52 55 00 55 AC B6 34 48 55 18 33 8C 9B 17 0E .RU.U..4HU.3....
02B0: 1B 07 09 C1 58 3B 86 E2 AF BC B5 2D A4 D2 21 FF ....X;.....-..!.
02C0: B2 2C A8 96 18 FA 53 0B 90 FE F8 DA A1 09 0E F1 .,....S.........
02D0: BD BE 20 34 8D 41 4C B2 FD EA EC F7 17 4D 46 60 .. 4.AL......MF`
02E0: 57 7C E9 84 58 9B AE E3 90 1E BB CD 86 FA ED 60 W...X..........`
02F0: 29 B1 C0 16 22 D5 22 E4 5D 36 EA 6A 3B 83 B8 9A )...".".]6.j;...
0300: A6 43 D8 88 29 03 34 AE 32 31 FC DD D9 D1 A7 9D .C..).4.21......
0310: 4B 56 09 9C 4D 94 D1 C2 BA 11 DE 42 46 12 46 1F KV..M......BF.F.
0320: 12 10 C0 3D 52 EB 40 71 F7 E6 68 E6 53 18 FB E3 ...=R.@q..h.S...
0330: 93 90 0C 6F CD 0D 72 DD E1 7C C6 4D BD 47 EC 69 ...o..r....M.G.i
0340: 8D 12 AE A2 39 25 DD 9E C8 63 54 A3 14 DA F8 8A ....9%...cT.....
0350: 73 11 9F C6 73 CF 84 99 49 5F BE AB 03 F5 B2 78 s...s...I_.....x
0360: 40 41 34 C0 B5 4D D9 12 3B 8D CF 07 10 91 D5 C0 @A4..M..;.......
0370: 17 8D 73 5D B7 C9 32 1F 24 E5 C4 74 83 82 65 26 ..s]..2.$..t..e&
0380: 7B 6E 90 78 A6 30 2E 88 B1 02 CF B7 9D 09 DF EE .n.x.0..........
0390: 6B 9F 20 A8 2E 1D 2D D7 42 71 C0 6A E0 21 EF D0 k. ...-.Bq.j.!..
03A0: 2C 47 AF C2 55 A6 DB C1 6A 9D 6B 32 61 CD B4 82 ,G..U...j.k2a...
03B0: 66 80 76 23 D2 DD 9D EB CB 9C 7C B8 AE 8F 69 9D f.v#..........i.
03C0: C8 8C E8 4A AC CF CF DE 9A B5 10 DB 41 BA 9D F9 ...J........A...
03D0: CB C4 32 5A C7 50 1A 8F 6E 5B 8C 24 3A 26 BD 2E ..2Z.P..n[.$:&..
03E0: BC A9 E4 37 14 CA 56 8B AC B9 59 35 F6 DC E0 AA ...7..V...Y5....
03F0: EC A4 CC 8E 04 7F 3C 5B B2 F0 35 BF 74 0F F5 71 ......<[..5.t..q
0400: F8 A7 C1 72 56 56 4D 59 C8 4C B4 FD 81 E8 98 D5 ...rVVMY.L......
0410: 51 1B E3 94 94 99 46 AF 10 C0 9D 71 37 9D F2 45 Q.....F....q7..E
0420: B2 8D 77 35 4D 87 BA 77 A1 F6 44 BE 85 6D 43 9E ..w5M..w..D..mC.
0430: 8B 0A 34 1B 8F D3 4A CF 76 99 B2 A2 C7 32 30 A9 ..4...J.v....20.
0440: AD F9 97 FC 3D C7 4E D8 82 8A 3D 1D 2A A1 89 20 ....=.N...=.*..
0450: 23 1E 63 2B 50 0B F9 D1 41 08 2D 37 0E 16 70 84 #.c+P...A.-7..p.
0460: 8C 52 6D FB 0D 9D 8F 22 26 A4 81 AE 30 81 AB A0 .Rm...."&...0...
0470: 03 02 01 01 A2 81 A3 04 81 A0 3D 8B 6C 95 87 91 ..........=.l...
0480: 27 41 33 FE C9 8F 71 A9 D1 EE 2C 42 AC F5 D9 CC 'A3...q...,B....
0490: B7 91 2A F2 79 EE F0 94 7F F8 D3 D3 53 0B 26 DC ..*.y.......S.&.
04A0: 1E 10 47 04 33 C8 58 1C B9 30 69 86 9D FD 16 8F ..G.3.X..0i.....
04B0: 87 B5 19 FA 24 4A 88 68 58 7D B1 DE 69 01 45 B4 ....$J.hX...i.E.
04C0: E7 D1 03 E4 3A CD 65 19 6C F7 94 47 10 B1 0F B2 ....:.e.l..G....
04D0: 65 60 3A 87 9F DA 3C 9C 63 4B C0 7E 3D 91 98 9E e`:...<.cK..=...
04E0: E6 7D 89 FE E5 DE 87 1C F8 B4 B5 CD FB 42 3D 35 .............B=5
04F0: 37 23 41 60 9C 23 53 68 28 A2 73 D1 10 66 03 D3 7#A`.#Sh(.s..f..
0500: 5A C5 FC FE 01 BB 41 4C 3F 51 92 A6 44 05 B4 15 Z.....AL?Q..D...
0510: DA 6F 94 E8 E8 41 F5 19 D9 BA .o...A....

Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: a50207fa
crc32: 10100101000000100000011111111010
Krb5Context setting peerSeqNumber to: 869014942
[Krb5LoginModule]: Entering logout
[Krb5LoginModule]: logged out Subject
</pre>
Post Details
Locked on Jun 15 2012
Added on May 18 2012
#kerberos-java-gss-jgss
0 comments
5,724 views