kfwdev list:
 
Hi I have a working (gssapi) kerberos authentication mechanism built into an 
application which is currently being deployed.  It has been bullet proof for 
the last month then recently at one location I am receiving errors.  It was 
working at the location for almost one month then out of no where it stopped 
working.  Here is a sample from gssapi logs from the server.:
 

2009-12-09 10:42:14,307 DEBUG root - [GSSKerberos:getGSSInternalName]Entering 
function
2009-12-09 10:42:14,338 INFO  root - 
[GSSKerberos:acceptSecurityContext]GSS_ACQUIRE_CRED being called
2009-12-09 10:42:14,354 INFO  root - 
[GSSKerberos:acceptSecurityContext]GSS_ACCEPT_SEC_CONTEXT being called
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:acceptSecurityContext]Error 
in gss_accept_sec_context (GSS_S_DEFECTIVE_TOKEN)
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]Entering 
get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]GSS-API 
error: Invalid token was supplied
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]Entering 
get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]GSS-API 
error: No error
2009-12-09 10:42:14,354 ERROR root - [NetworkSecurity:AcceptClientToken]GSS 
Security context failed.
So it looks like an invalid token was passed from the client.  Something must 
have changed in the server environment but I am having a hard time tracking it 
down.  I was hoping some one could provide some clues to where I can research.  
I reviewed the environment and it looks like all the krb5.ini & environment 
variables are the same.
Thanks for the help in advance.
Steve
_______________________________________________
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev

Reply via email to