Please check the service principal name that you pass as args[0] in your code.
Here is an example:

    Oid krb5 = new Oid("1.2.840.113554.1.2.2");
    // create a host based service name
    GSSName name = manager.createName("[EMAIL PROTECTED]",
                                      GSSName.NT_HOSTBASED_SERVICE, krb5);

Seema

[EMAIL PROTECTED] wrote:
> So I'm trying to figure out what, if anything, I did wrong that my code
> doesn't work for "simple" host names (host names with a single dot, like
> foo.com or slushpupie.com).
>
> I managed to reduce the code to around 40 lines to illustrate my
> problem. When the following program is run using a principal
> containing a hostname with multiple dots (e.g. foo.bar.com) it
> executes perfectly. However, with a simple hostname (like foo.com or
> slushpupie.com) I get the following error:
>
>
> $ java GetKeytab [EMAIL PROTECTED]
> serviceName: [EMAIL PROTECTED]
> Debug is true storeKey true useTicketCache false useKeyTab true
> doNotPrompt true ticketCache is null isInitiator true KeyTab is
> /etc/jabber.keytab refreshKrb5Config is false principal is
> xmpp/slushpupie.com tryFirstPass is false useFirstPass is false
> storePass is false clearPass is false
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
> principal is xmpp/[EMAIL PROTECTED]
> EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B6 44 3E B5 C4 02 9E 23
> EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 83 44 76 08 C8 70
> 61 46 9B 29 C4 E6 C1 D5 0E 32 .#v..paF.).....2
> 0010: 4C 44 2F 85 0E 0B 46 5E
> Added server's keyKerberos Principal
> xmpp/[EMAIL PROTECTED] Version 3key EncryptionKey:
> keyType=1 keyBytes (hex dump)=
> 0000: B6 44 3E B5 C4 02 9E 23
>
> [Krb5LoginModule] added Krb5Principal
> xmpp/[EMAIL PROTECTED] to Subject
> Added server's keyKerberos Principal
> xmpp/[EMAIL PROTECTED] Version 3key EncryptionKey:
> keyType=16 keyBytes (hex dump)=
> 0000: 83 44 76 08 C8 70 61 46 9B 29 C4 E6 C1 D5 0E 32 .#v..paF.).....2
> 0010: 4C 44 2F 85 0E 0B 46 5E
>
> [Krb5LoginModule] added Krb5Principal
> xmpp/[EMAIL PROTECTED] to Subject
> Commit Succeeded
>
> GSSException: No valid credentials provided (Mechanism level: Failed
> to find any Kerberos Key)
>     at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:75)
>     at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:77)
>     at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
>     at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
>     at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:45)
>     at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
>     at GetKeytab.main(GetKeytab.java:27)
>
>
>
> What I notice as odd is that in the debugging it seems to find the keytab
> and principal ok, but fails to get any useful keys from it.
>
> Here is the code:
>
> import java.security.*;
> import javax.security.sasl.*;
> import javax.security.auth.*;
> import javax.security.auth.login.*;
> import org.ietf.jgss.*;
>
> public class GetKeytab {
>     public static void main(String args[]) {
>         try {
>             System.setProperty("java.security.auth.login.config","gss.conf");
>             System.setProperty("sun.security.jgss.debug","true");
>             System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
>             Oid KRB5_OID = new Oid("1.2.840.113554.1.2.2");
>             GSSManager mgr = GSSManager.getInstance();
>             GSSName serviceName = mgr.createName(
>                 args[0],
>                 GSSName.NT_HOSTBASED_SERVICE,
>                 KRB5_OID);
>             System.out.println("serviceName: "+serviceName.toString());
>             GSSCredential cred = mgr.createCredential(
>                 serviceName,
>                 GSSCredential.INDEFINITE_LIFETIME,
>                 KRB5_OID,
>                 GSSCredential.ACCEPT_ONLY);
>             GSSContext secCtx = mgr.createContext(cred);
>             System.out.println("Context lifetime: "+secCtx.getLifetime());
>         } catch (Exception e) {
>             e.printStackTrace();
>             return;
>         }
>     }
> }
>
>
> gss.conf:
> com.sun.security.jgss.accept {
>     com.sun.security.auth.module.Krb5LoginModule required storeKey=true
>     keyTab="krb5.keytab" doNotPrompt=true useKeyTab=true
>     principal="xmpp/[EMAIL PROTECTED]" debug=true;
> };
>
> Note that I do change the principal in the gss.conf to match what
> GetKeytab is being run with.
>
> Any hints at all?
>
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos