Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Kerberos 5 Loginmodule: Pre-authentication information was invalid (24)

506 views

Skip to first unread message

Thomas Konrath

unread,

Feb 19, 2003, 10:49:12 AM2/19/03

Hi !!!

We are doing a project for our university and we have a problem
concerning the Kerberos 5 Loginmodul from sun.

We are using the class com.sun.security.auth.module.Krb5LoginModule in
our Java project. We have configured the krb5.ini file as it is
described under http://www.lns.cornell.edu/public/COMP/krb5/admin/admin_3.html#SEC16.

Actually, it runs well in our testdomain but not in the real domain in
our university (both are Windows 2000 Domains with Windows 2000 and
Windows XP workstations).

When we are try to log on, we get to following exception:
16:21:35,680 INFO [STDOUT] Debug is true storeKey false
useTicketCache false useKeyTab false doNot
Prompt false ticketCache is null KeyTab is null principal is null
tryFirstPass is false useFirstPass
is false storePass is false clearPass is false
16:21:35,680 INFO [STDOUT] [Krb5LoginModule] user entered
username: konrat
16:21:35,690 INFO [STDOUT] principal is kon...@SAFE.LOCAL
16:21:35,740 INFO [STDOUT] [Krb5LoginModule]
authentication failed
Pre-authentication information was invalid (24)
16:21:35,750 ERROR [STDERR] javax.security.auth.login.LoginException:
Pre-authentication information
was invalid (24)
16:21:35,750 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthenticatio
n(Krb5LoginModule.java:568)
16:21:35,750 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModul
e.java:458)
16:21:35,750 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:21:35,750 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI
mpl.java:39)
16:21:35,750 ERROR [STDERR] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA
ccessorImpl.java:25)
16:21:35,750 ERROR [STDERR] at
java.lang.reflect.Method.invoke(Method.java:324)
16:21:35,750 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:6
75)
16:21:35,750 ERROR [STDERR] at
javax.security.auth.login.LoginContext.access$000(LoginContext.ja
va:129)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:61
0)
16:21:35,760 ERROR [STDERR] at
java.security.AccessController.doPrivileged(Native Method)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.
java:607)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.login(LoginContext.java:53
4)
16:21:35,760 ERROR [STDERR] at
edu.ima.safe.security.auth.spi.Krb5LdapLoginModule.login(Krb5Ldap
LoginModule.java:336)
16:21:35,760 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:21:35,760 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI
mpl.java:39)
16:21:35,760 ERROR [STDERR] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA
ccessorImpl.java:25)
16:21:35,760 ERROR [STDERR] at
java.lang.reflect.Method.invoke(Method.java:324)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:6
75)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.access$000(LoginContext.ja
va:129)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:61
0)
16:21:35,770 ERROR [STDERR] at
java.security.AccessController.doPrivileged(Native Method)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.
java:607)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext.login(LoginContext.java:53
4)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasS
ecurityManager.java:462)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasS
ecurityManager.java:417)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecuri
tyManager.java:244)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecuri
tyManager.java:219)
16:21:35,770 ERROR [STDERR] at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociatio
n(SecurityInterceptor.java:169)
16:21:35,770 ERROR [STDERR] at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInte
rceptor.java:94)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.ja
va:129)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessi
onContainer.java:300)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(
BaseLocalContainerInvoker.java:230)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.
java:110)
16:21:35,780 ERROR [STDERR] at $Proxy23.create(Unknown Source)
16:21:35,780 ERROR [STDERR] at
org.apache.jsp.ejbsecurepage$jsp._jspService(ejbsecurepage$jsp.ja
va:65)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:10
7)
16:21:35,780 ERROR [STDERR] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(Js
pServlet.java:201)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.ja
va:381)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473)

16:21:35,790 ERROR [STDERR] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java
:360)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebAppli
cationHandler.java:280)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.ja
va:553)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpContext.handle(HttpContext.java:1717)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplica
tionContext.java:549)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpContext.handle(HttpContext.java:1667)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpServer.service(HttpServer.java:862)
16:21:35,790 ERROR [STDERR] at
org.jboss.jetty.Jetty.service(Jetty.java:497)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpConnection.service(HttpConnection.java:759)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:92
3)
16:21:35,800 ERROR [STDERR] at
org.mortbay.http.HttpConnection.handle(HttpConnection.java:776)
16:21:35,800 ERROR [STDERR] at
org.mortbay.http.SocketListener.handleConnection(SocketListener.j
ava:202)
16:21:35,800 ERROR [STDERR] at
org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:289)
16:21:35,800 ERROR [STDERR] at
org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:455)
16:21:35,800 ERROR [STDERR] Caused by: KrbException:
Pre-authentication information was invalid (24)

16:21:35,800 ERROR [STDERR] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:62)
16:21:35,800 ERROR [STDERR] at
sun.security.krb5.KrbAsReq.getReply(DashoA6275:308)
16:21:35,800 ERROR [STDERR] at
sun.security.krb5.Credentials.acquireTGT(DashoA6275:333)
16:21:35,800 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthenticatio
n(Krb5LoginModule.java:559)
16:21:35,810 ERROR [STDERR] ... 54 more
16:21:35,810 ERROR [STDERR] Caused by: KrbException: Identifier
doesn't match expected value (906)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.af.a(DashoA6275:129)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.au.a(DashoA6275:58)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.au.<init>(DashoA6275:53)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:48)
16:21:35,810 ERROR [STDERR] ... 57 more

--> PLEASE HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Thanx,

Tom

Klaas Hagemann

unread,

Feb 19, 2003, 1:19:52 PM2/19/03

to kerb...@mit.edu

Thomas Konrath schrieb:

> Hi !!!
>
> We are doing a project for our university and we have a problem
> concerning the Kerberos 5 Loginmodul from sun.
>
> We are using the class com.sun.security.auth.module.Krb5LoginModule in
> our Java project. We have configured the krb5.ini file as it is
> described under http://www.lns.cornell.edu/public/COMP/krb5/admin/admin_3.html#SEC16.
>
> Actually, it runs well in our testdomain but not in the real domain in
> our university (both are Windows 2000 Domains with Windows 2000 and
> Windows XP workstations).

So you have differences between your test domain and your real domain.
Since you have problems with the preauthentication i would say, that
your real domain forces preauthentication and your test domain does not
or the other way. Check your principals in the real domain and in your
testdomain if the flaf "requires preauthentication" is set.

Klaas

> ________________________________________________
> Kerberos mailing list Kerb...@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

________________________________________________
Kerberos mailing list Kerb...@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Thomas Konrath

unread,

Feb 21, 2003, 3:46:55 AM2/21/03

Hi !!!

We configured one user in our real domain so that it does not require
a Kerberos preauthentication but the problem still is still the same.

In our test domain, every user was configured to require a
preauthentication and it works fine ...

Could it be a problem that our test domain is in mixed-mode and the
real domain is in Windows 2000 native mode?

Thanx ...

cu,
Tom

kerb...@northsailor.de (Klaas Hagemann) wrote in message news:<3E53CB54...@northsailor.de>...

0 new messages