Reminder of your subscription to sympa-users

2012-06-13 Thread sympa-users-request 
Your are subscriber of list sympa-us...@listes.renater.fr with  email
archive@mail-archive.com

Everything about this list: https://listes.renater.fr/sympa/info/sympa-users

Unsubscription:
mailto:sy...@listes.renater.fr?subject=sig%20sympa-users%20archive%40mail-archive.com

WebSphere Application Server: Kerberos authentication: WWSS7212E Cannot verify security context token ...

2012-06-13 Thread dWForums 
Author:
Henk-Jan

Message:
We're trying to configure an application using Kerberos authentication. 
Invoking the service fails with the following error message:

security.wssecurity.WSSContextImpl.s02: 
com.ibm.websphere.security.WSSecurityException: Exception 
org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an 
exception: javax.security.auth.login.LoginException: CWWSS7212E: Cannot verify 
security context token using the reference information from the derived key 
token element ocurred while running action: 
com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@37fa37fa

We're using WAS version 7.0.0.19 and a WCF client to access the service.

Analysing the logfile, we conclude:
- the specified keytab file is being found and used (SPN 
HTTP/rs6sv303.office01.internalcorp@office01.internalcorp.net)
- the kerberos user identity is correctly determined (eo30021)

However, there are some strange error messages we cannot explain:

6/13/12 15:21:06:958 CEST 002d TokenHolder 
setInboundTokenToContext(TGSAuthToken newtoken, MessageContext messageContext) 
Entry
6/13/12 15:21:06:958 CEST 002d TokenHolder   3   The operation context is 
NULL!!!

and 

6/13/12 15:21:06:993 CEST 002d DKTConsumeLog   initialize(Subject subject, 
CallbackHandler handler, Map sharedState, Map options) Entry
6/13/12 15:21:06:993 CEST 002d WSSAuditServi   
isEventRequired(WSSAuditService.WSSAuditEventType eventTypeSECURITY_AUTHN, 
WSSAuditService.WSSAuditOutcome out
comeSUCCESS, Maplt;Object, Objectgt; context) Entry
6/13/12 15:21:06:993 CEST 002d WSSAuditServi 3   Usage error, context 
should not be null
6/13/12 15:21:06:993 CEST 002d WSSAuditServi   isRequired returns: false 
Exit

Can anybody point me into a direction where I should look for a solution for 
this error message?

Thanks,
Henk-Jan.

The logfile contains much more information which I won't include right away, 
but I think this part is the most relevant part:

6/13/12 15:21:06:941 CEST 002d KRBSPNList  KRBSPNList() Entry
6/13/12 15:21:06:941 CEST 002d KRBSPNList  loadProvSPN() Entry
6/13/12 15:21:06:941 CEST 002d KRBSPNList  getKeyTabEntries() Entry
6/13/12 15:21:06:942 CEST 002d KRBSPNList3   Obtained KeyTab Instance
6/13/12 15:21:06:942 CEST 002d KRBSPNList3   kverno 4 spn 
HTTP/rs6sv303.office01.internalcorp@office01.internalcorp.net
6/13/12 15:21:06:944 CEST 002d KRBSPN  KRBSPN() Entry
6/13/12 15:21:06:944 CEST 002d KRBSPN  KRBSPN() Exit
6/13/12 15:21:06:944 CEST 002d KRBSPN  setSPN(name, realm) Entry
6/13/12 15:21:06:944 CEST 002d KRBSPN  setSPN(name, realm) Exit
6/13/12 15:21:06:944 CEST 002d KRBSPN  KRBSPN() Entry
6/13/12 15:21:06:944 CEST 002d KRBSPN  KRBSPN() Exit
6/13/12 15:21:06:944 CEST 002d KRBSPNList3   Custom SPN added to 
listhttp://HTTP/rs6sv303.OFFICE01.INTERNALCORP.NET
6/13/12 15:21:06:944 CEST 002d KRBSPNList  getKeyTabEntries() Exit
6/13/12 15:21:06:945 CEST 002d KRBSPNList  loadProvSPN() Exit
6/13/12 15:21:06:945 CEST 002d KRBSPNList  KRBSPNList() Exit
6/13/12 15:21:06:945 CEST 002d KRB5Util
isSubKeyEncTypeSupported()... Entry
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   CONTEXT_SUB_KEY_ENC: 23
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   CONTEXT_SUB_KEY_ENC: 
java.lang.Integer
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   Current Kerberos subkey 
encryption type value: 23
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   Current Kerberos subkey 
encryption type: rc4-hmac
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   Kerberos encryption type: 
rc4-hmac is tolerated.
6/13/12 15:21:06:946 CEST 002d KRB5Util  3   Supported Kerberos sub key 
encryption type in Web services security: aes128-cts-hmac-sha1-96 , 
aes256-cts-hmac-
sha1-96, des3-cbc-sha1
6/13/12 15:21:06:946 CEST 002d KRB5Util
isSubKeyEncTypeSupported()... Exit
6/13/12 15:21:06:947 CEST 002d KRBConsumeLog 3   Key of type: [B with 
encryption type: java.lang.Integer from token as follows...^M
:  4d091fe9 3ef84da8 69487b05 910d8fd8M... .M. iH{. 
0010:

6/13/12 15:21:06:947 CEST 002d KRBConsumeLog 3   Request token processed OK
6/13/12 15:21:06:947 CEST 002d KRBConsumeLog 3   getAuthenticatedUsername: 
WebSphere Security principal = eo30021
6/13/12 15:21:06:947 CEST 002d KRBConsumeLog 3   Kerberos client principal: 
eo30021
6/13/12 15:21:06:949 CEST 002d CacheableToke   CacheableTokenCacheImpl 
Entry
6/13/12 15:21:06:950 CEST 002d CacheableToke   CacheableTokenCacheImpl Exit
6/13/12 15:21:06:950 CEST 002d WSSecurityFac 3   factory key = 
com.ibm.ws.wssecurity.platform.cacheableTokenCache
6/13/12 15:21:06:950 CEST 002d WSSecurityFac 3   factory impl class = 
com.ibm.ws.wssecurity.platform.websphere.auth.CacheableTokenCacheImpl
6/13/12 15:21:06:950 CEST 002d CacheableToke

confirm dd5be7e746e11a3d0115efc65d39ec26acd2bc37

2012-06-13 Thread arin-issued-request 
Mailing list subscription confirmation notice for mailing list
ARIN-issued

We have received a request from 75.190.180.93 for subscription of your
email address, archive@mail-archive.com, to the arin-iss...@arin.net
mailing list.  To confirm that you want to be added to this mailing
list, simply reply to this message, keeping the Subject: header
intact.  Or visit this web page:


http://lists.arin.net/mailman/confirm/arin-issued/dd5be7e746e11a3d0115efc65d39ec26acd2bc37


Or include the following line -- and only the following line -- in a
message to arin-issued-requ...@arin.net:

confirm dd5be7e746e11a3d0115efc65d39ec26acd2bc37

Note that simply sending a `reply' to this message should work from
most mail readers, since that usually leaves the Subject: line in the
right form (additional Re: text in the Subject: is okay).

If you do not wish to be subscribed to this list, please simply
disregard this message.  If you think you are being maliciously
subscribed to the list, or have any other questions, send them to
arin-issued-ow...@arin.net.

confirm 36f00f378e115d6e835a84926f0927006459ba8b

2012-06-13 Thread arin-discuss-request 
Mailing list subscription confirmation notice for mailing list
ARIN-discuss

We have received a request from 75.190.180.93 for subscription of your
email address, archive@mail-archive.com, to the
arin-disc...@arin.net mailing list.  To confirm that you want to be
added to this mailing list, simply reply to this message, keeping the
Subject: header intact.  Or visit this web page:


http://lists.arin.net/mailman/confirm/arin-discuss/36f00f378e115d6e835a84926f0927006459ba8b


Or include the following line -- and only the following line -- in a
message to arin-discuss-requ...@arin.net:

confirm 36f00f378e115d6e835a84926f0927006459ba8b

Note that simply sending a `reply' to this message should work from
most mail readers, since that usually leaves the Subject: line in the
right form (additional Re: text in the Subject: is okay).

If you do not wish to be subscribed to this list, please simply
disregard this message.  If you think you are being maliciously
subscribed to the list, or have any other questions, send them to
arin-discuss-ow...@arin.net.