We are doing a project for our university and we have a problem
concerning the Kerberos 5 Loginmodul from sun.
We are using the class com.sun.security.auth.module.Krb5LoginModule in
our Java project. We have configured the krb5.ini file as it is
described under http://www.lns.cornell.edu/public/COMP/krb5/admin/admin_3.html#SEC16.
Actually, it runs well in our testdomain but not in the real domain in
our university (both are Windows 2000 Domains with Windows 2000 and
Windows XP workstations).
When we are try to log on, we get to following exception:
16:21:35,680 INFO [STDOUT] Debug is true storeKey false
useTicketCache false useKeyTab false doNot
Prompt false ticketCache is null KeyTab is null principal is null
tryFirstPass is false useFirstPass
is false storePass is false clearPass is false
16:21:35,680 INFO [STDOUT] [Krb5LoginModule] user entered
username: konrat
16:21:35,690 INFO [STDOUT] principal is kon...@SAFE.LOCAL
16:21:35,740 INFO [STDOUT] [Krb5LoginModule]
authentication failed
Pre-authentication information was invalid (24)
16:21:35,750 ERROR [STDERR] javax.security.auth.login.LoginException:
Pre-authentication information
was invalid (24)
16:21:35,750 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthenticatio
n(Krb5LoginModule.java:568)
16:21:35,750 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModul
e.java:458)
16:21:35,750 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:21:35,750 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI
mpl.java:39)
16:21:35,750 ERROR [STDERR] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA
ccessorImpl.java:25)
16:21:35,750 ERROR [STDERR] at
java.lang.reflect.Method.invoke(Method.java:324)
16:21:35,750 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:6
75)
16:21:35,750 ERROR [STDERR] at
javax.security.auth.login.LoginContext.access$000(LoginContext.ja
va:129)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:61
0)
16:21:35,760 ERROR [STDERR] at
java.security.AccessController.doPrivileged(Native Method)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.
java:607)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.login(LoginContext.java:53
4)
16:21:35,760 ERROR [STDERR] at
edu.ima.safe.security.auth.spi.Krb5LdapLoginModule.login(Krb5Ldap
LoginModule.java:336)
16:21:35,760 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:21:35,760 ERROR [STDERR] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI
mpl.java:39)
16:21:35,760 ERROR [STDERR] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA
ccessorImpl.java:25)
16:21:35,760 ERROR [STDERR] at
java.lang.reflect.Method.invoke(Method.java:324)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:6
75)
16:21:35,760 ERROR [STDERR] at
javax.security.auth.login.LoginContext.access$000(LoginContext.ja
va:129)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:61
0)
16:21:35,770 ERROR [STDERR] at
java.security.AccessController.doPrivileged(Native Method)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.
java:607)
16:21:35,770 ERROR [STDERR] at
javax.security.auth.login.LoginContext.login(LoginContext.java:53
4)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasS
ecurityManager.java:462)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasS
ecurityManager.java:417)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecuri
tyManager.java:244)
16:21:35,770 ERROR [STDERR] at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecuri
tyManager.java:219)
16:21:35,770 ERROR [STDERR] at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociatio
n(SecurityInterceptor.java:169)
16:21:35,770 ERROR [STDERR] at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInte
rceptor.java:94)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.ja
va:129)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessi
onContainer.java:300)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(
BaseLocalContainerInvoker.java:230)
16:21:35,780 ERROR [STDERR] at
org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.
java:110)
16:21:35,780 ERROR [STDERR] at $Proxy23.create(Unknown Source)
16:21:35,780 ERROR [STDERR] at
org.apache.jsp.ejbsecurepage$jsp._jspService(ejbsecurepage$jsp.ja
va:65)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:10
7)
16:21:35,780 ERROR [STDERR] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(Js
pServlet.java:201)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.ja
va:381)
16:21:35,780 ERROR [STDERR] at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473)
16:21:35,790 ERROR [STDERR] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java
:360)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebAppli
cationHandler.java:280)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.ja
va:553)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpContext.handle(HttpContext.java:1717)
16:21:35,790 ERROR [STDERR] at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplica
tionContext.java:549)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpContext.handle(HttpContext.java:1667)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpServer.service(HttpServer.java:862)
16:21:35,790 ERROR [STDERR] at
org.jboss.jetty.Jetty.service(Jetty.java:497)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpConnection.service(HttpConnection.java:759)
16:21:35,790 ERROR [STDERR] at
org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:92
3)
16:21:35,800 ERROR [STDERR] at
org.mortbay.http.HttpConnection.handle(HttpConnection.java:776)
16:21:35,800 ERROR [STDERR] at
org.mortbay.http.SocketListener.handleConnection(SocketListener.j
ava:202)
16:21:35,800 ERROR [STDERR] at
org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:289)
16:21:35,800 ERROR [STDERR] at
org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:455)
16:21:35,800 ERROR [STDERR] Caused by: KrbException:
Pre-authentication information was invalid (24)
16:21:35,800 ERROR [STDERR] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:62)
16:21:35,800 ERROR [STDERR] at
sun.security.krb5.KrbAsReq.getReply(DashoA6275:308)
16:21:35,800 ERROR [STDERR] at
sun.security.krb5.Credentials.acquireTGT(DashoA6275:333)
16:21:35,800 ERROR [STDERR] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthenticatio
n(Krb5LoginModule.java:559)
16:21:35,810 ERROR [STDERR] ... 54 more
16:21:35,810 ERROR [STDERR] Caused by: KrbException: Identifier
doesn't match expected value (906)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.af.a(DashoA6275:129)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.au.a(DashoA6275:58)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.internal.au.<init>(DashoA6275:53)
16:21:35,810 ERROR [STDERR] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:48)
16:21:35,810 ERROR [STDERR] ... 57 more
--> PLEASE HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanx,
Tom
Klaas
> ________________________________________________
> Kerberos mailing list Kerb...@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerb...@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
We configured one user in our real domain so that it does not require
a Kerberos preauthentication but the problem still is still the same.
In our test domain, every user was configured to require a
preauthentication and it works fine ...
Could it be a problem that our test domain is in mixed-mode and the
real domain is in Windows 2000 native mode?
Thanx ...
cu,
Tom
kerb...@northsailor.de (Klaas Hagemann) wrote in message news:<3E53CB54...@northsailor.de>...