Re: SpnegoAuthenticator gives GSSException (Desired initLifetime) wih IBM JDK

2013-10-09 Thread Michael-O 

Am 2013-10-09 17:28, schrieb Chawla, Rachit:




Hi All,

I am struggling on SSO configuration using SPENGO mechanism on Tomcat 7.0.42 
but not able to get it working. We tried on 7.0.29 version too.  Since I get 
Login Successful in logs, I assume Kerberos login was successful. Its 
SpnegoAuthentication that is failing.

Exception:

java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major 
code: 11, minor code: 0
  major string: General failure, unspecified at GSSAPI level
  minor string: Desired initLifetime zero or less


Used http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html as 
reference. On decompiling SpnegoAuthenticator code, we saw that we are using 
GSSCredential.DEFAULT_LIFETIME in createCredential method, which might be the 
reason for the exception.

final PrivilegedExceptionAction action =
  new PrivilegedExceptionAction() {
  @Override
  public GSSCredential run() throws GSSException {
  return manager.createCredential(null,
  GSSCredential.DEFAULT_LIFETIME,
  new Oid("1.3.6.1.5.5.2"),
  GSSCredential.ACCEPT_ONLY);
  }
  };


Hi,

I am using the same source code for my SpnegoAuthenticator with an Oracle JVM 
on Windows and a HP VM on HP-UX.

Something must be different/wrong with the JGSS Provider from IBM.

What you could do is download my source [1], change the lifetime to 
GSSCredential.INDEFINITE_LIFETIME and see whether it fixes the problem.

Michael

[1] http://tomcatspnegoad.sourceforge.net/download.html


Thanks Michael. It did solve the issue.
Not sure, if it will be acceptable as  a fix,  due to constraints and stuff.

Appreciate the effort :).


If this one works, are you able to file a bug with IBM's JVM?

The behavior should be the same as in Oracle's VM or MIT/Heimdal Kerberos.

Michael


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SpnegoAuthenticator gives GSSException (Desired initLifetime) wih IBM JDK

2013-10-09 Thread Chawla, Rachit 


> Hi All,
>
> I am struggling on SSO configuration using SPENGO mechanism on Tomcat 7.0.42 
> but not able to get it working. We tried on 7.0.29 version too.  Since I get 
> Login Successful in logs, I assume Kerberos login was successful. Its 
> SpnegoAuthentication that is failing.
>
> Exception:
>
> java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major 
> code: 11, minor code: 0
>  major string: General failure, unspecified at GSSAPI level
>  minor string: Desired initLifetime zero or less
>
>
> Used http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html as 
> reference. On decompiling SpnegoAuthenticator code, we saw that we are using 
> GSSCredential.DEFAULT_LIFETIME in createCredential method, which might be the 
> reason for the exception.
>
> final PrivilegedExceptionAction action =
>  new PrivilegedExceptionAction() {
>  @Override
>  public GSSCredential run() throws GSSException {
>  return manager.createCredential(null,
>  GSSCredential.DEFAULT_LIFETIME,
>  new Oid("1.3.6.1.5.5.2"),
>  GSSCredential.ACCEPT_ONLY);
>  }
>  };

Hi,

I am using the same source code for my SpnegoAuthenticator with an Oracle JVM 
on Windows and a HP VM on HP-UX.

Something must be different/wrong with the JGSS Provider from IBM.

What you could do is download my source [1], change the lifetime to 
GSSCredential.INDEFINITE_LIFETIME and see whether it fixes the problem.

Michael

[1] http://tomcatspnegoad.sourceforge.net/download.html


Thanks Michael. It did solve the issue. 
Not sure, if it will be acceptable as  a fix,  due to constraints and stuff.

Appreciate the effort :). 

This email and any files transmitted with it are confidential, proprietary and 
intended solely for the individual or entity to whom they are addressed. If you 
have received this email in error please delete it immediately.

Re: SpnegoAuthenticator gives GSSException (Desired initLifetime) wih IBM JDK

2013-10-08 Thread Michael-O 

Am 2013-10-08 10:39, schrieb Chawla, Rachit:

Hi All,

I am struggling on SSO configuration using SPENGO mechanism on Tomcat 7.0.42 
but not able to get it working. We tried on 7.0.29 version too.  Since I get 
Login Successful in logs, I assume Kerberos login was successful. Its 
SpnegoAuthentication that is failing.

Exception:

java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major 
code: 11, minor code: 0
 major string: General failure, unspecified at GSSAPI level
 minor string: Desired initLifetime zero or less


Used http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html as 
reference. On decompiling SpnegoAuthenticator code, we saw that we are using 
GSSCredential.DEFAULT_LIFETIME in createCredential method, which might be the 
reason for the exception.

final PrivilegedExceptionAction action =
 new PrivilegedExceptionAction() {
 @Override
 public GSSCredential run() throws GSSException {
 return manager.createCredential(null,
 GSSCredential.DEFAULT_LIFETIME,
 new Oid("1.3.6.1.5.5.2"),
 GSSCredential.ACCEPT_ONLY);
 }
 };


Hi,

I am using the same source code for my SpnegoAuthenticator with an 
Oracle JVM on Windows and a HP VM on HP-UX.


Something must be different/wrong with the JGSS Provider from IBM.

What you could do is download my source [1], change the lifetime to 
GSSCredential.INDEFINITE_LIFETIME and see whether it fixes the problem.


Michael

[1] http://tomcatspnegoad.sourceforge.net/download.html


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org