--- Begin Message ---
Alex,
Please check your Kerberos configuration and Kerberos principals set-up
for client and server. When you run the SampleClient, you need to
provide the client principal, assigned for Kerberos authentication, for
e.g."[EMAIL PROTECTED]". And the host-based service
principal used by the SampleServer has the format of
"service_name/[EMAIL PROTECTED]".
Here are the guidelines on "Kerberos User and Service Principal Names".
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html#KerbNames
Seema
Don Alex wrote:
Hi doc!!!!:
I am running the Sample with tutorial "Use of JAAS Login Utility and
Java GSS-API for Secure Messages without JAAS programming"
KDC is a Red Hat Linux AS release 3
JDK 1.5
The Code are SampleClient.java y SampleServer.java without relevant
modifications
If anyone has any ideas I'm all ears.
Don Alex
SERVER:
Debug is true storeKey true useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is false principal is mquiroga/[EMAIL PROTECTED]
tryFirstPass is false useFirstPass is false storePass is false
clearPass is false
Kerberos password for mquiroga/[EMAIL PROTECTED]:
mi
[Krb5LoginModule] user entered username:
mquiroga/[EMAIL PROTECTED]
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
principal is mquiroga/[EMAIL PROTECTED]
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: BA 07 CD 51 70 B6
92 0B
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: BA 07 CD 51 70 B6
92 0B
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: DA A8 7F 2F CE F2
AB F2 EF 2A 32 D5 C1 A8 19 DA .../.....*2.....
0010: F4 67 D3 D5 98 40 01 AD
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=157.253.50.33 UDP:88, timeout=30000, number of
retries =3, #bytes=255
KDCCommunication: kdc=157.253.50.33 UDP:88, timeout=30000,Attempt
=1, #bytes=255
KrbKdcReq send: #bytes read=575
KrbKdcReq send: #bytes read=575
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply mquiroga/pele.uniandes.edu.co
Added server's keyKerberos Principal
mquiroga/[EMAIL PROTECTED] Version 0key
EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: BA 07 CD 51 70 B6 92 0B
[Krb5LoginModule] added Krb5Principal
mquiroga/[EMAIL PROTECTED] to Subject
Added server's keyKerberos Principal
mquiroga/[EMAIL PROTECTED] Version 0key
EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: BA 07 CD 51 70 B6 92 0B
[Krb5LoginModule] added Krb5Principal
mquiroga/[EMAIL PROTECTED] to Subject
Added server's keyKerberos Principal
mquiroga/[EMAIL PROTECTED] Version 0key
EncryptionKey: keyType=16 keyBytes (hex dump)=
0000: DA A8 7F 2F CE F2 AB F2 EF 2A 32 D5 C1 A8 19 DA
.../.....*2.....
0010: F4 67 D3 D5 98 40 01 AD
[Krb5LoginModule] added Krb5Principal
mquiroga/[EMAIL PROTECTED] to Subject
Commit Succeeded
Waiting for incoming connection...
Got connection from client /157.253.50.33
Will READ input token of size 522 for processing by acceptSecContext
Found key for mquiroga/[EMAIL PROTECTED](16)
Found key for mquiroga/[EMAIL PROTECTED](1)
Found key for mquiroga/[EMAIL PROTECTED](3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
Esto es PrivilegedActionException - INI
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at MyAction.run(Login.java:225)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at Login.main(Login.java:187)
Caused by: GSSException: Failure unspecified at GSS-API level
(Mechanism level: Checksum failed)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at SampleServer.main(SampleServer.java:123)
... 8 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.v.b(DashoA12275:77)
at sun.security.krb5.internal.crypto.v.b(DashoA12275:69)
at sun.security.krb5.EncryptedData.decrypt(DashoA12275:157)
at sun.security.krb5.KrbApReq.a(DashoA12275:266)
at sun.security.krb5.KrbApReq.<init>(DashoA12275:134)
at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
... 11 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.a3.c(DashoA12275:370)
at sun.security.krb5.internal.crypto.Des3.decrypt(DashoA12275:57)
at sun.security.krb5.internal.crypto.v.b(DashoA12275:75)
... 17 more
Esto es PrivilegedActionException - FIN
CLIENT:
Debug is true storeKey false useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is false principal is alexmunoz/[EMAIL PROTECTED]
tryFirstPass is false useFirstPass is false storePass is false
clearPass is false
Kerberos password for alexmunoz/[EMAIL PROTECTED]:
al
[Krb5LoginModule] user entered username:
alexmunoz/[EMAIL PROTECTED]
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
principal is alexmunoz/[EMAIL PROTECTED]
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 25 E3 C8 FD 92 BA
3B 15
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 25 E3 C8 FD 92 BA
3B 15
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: BF 19 75 43 80 58
58 58 73 A7 C8 7A 10 FD 49 3D ..uC.XXXs..z..I=
0010: 7F 01 9D 3E 89 76 5B 31
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=157.253.50.33 UDP:88, timeout=30000, number of
retries =3, #bytes=256
KDCCommunication: kdc=157.253.50.33 UDP:88, timeout=30000,Attempt
=1, #bytes=256
KrbKdcReq send: #bytes read=576
KrbKdcReq send: #bytes read=576
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply alexmunoz/pele.uniandes.edu.co
Commit Succeeded
Found ticket for alexmunoz/[EMAIL PROTECTED] to go
to krbtgt/[EMAIL PROTECTED] expiring on Sun Nov 14
23:51:36 COT 2004
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for alexmunoz/[EMAIL PROTECTED] to go
to krbtgt/[EMAIL PROTECTED] expiring on Sun Nov 14
23:51:36 COT 2004
Service ticket not found in the subject
Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 16.
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: feeb7be6
crc32: 11111110111010110111101111100110
KrbKdcReq send: kdc=157.253.50.33 UDP:88, timeout=30000, number of
retries =3, #bytes=618
KDCCommunication: kdc=157.253.50.33 UDP:88, timeout=30000,Attempt
=1, #bytes=618
KrbKdcReq send: #bytes read=561
KrbKdcReq send: #bytes read=561
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: 6f2c6e88
crc32: 1101111001011000110111010001000
KrbApReq: APOptions are 00100000 00000000 00000000 00000000
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: f8114632
crc32: 11111000000100010100011000110010
Krb5Context setting mySeqNumber to: 2178
Created InitSecContextToken:
0000: 30 31 20 30 30 20 36 65 20 38 32 20 30 31 20 66 01 00 6e 82
01 f
0010: 35 20 33 30 20 38 32 20 30 31 20 66 31 20 61 30 5 30 82 01 f1
a0
0020: 20 30 33 20 30 32 20 30 31 20 30 35 20 61 31 20 03 02 01 05
a1
0030: 30 33 20 30 32 20 30 31 20 30 65 20 61 32 20 30 03 02 01 0e
a2 0
0040: 37 20 30 33 20 30 35 20 30 30 20 32 30 20 30 30 7 03 05 00 20
00
0050: 20 30 30 20 30 30 20 61 33 20 38 32 20 30 31 20 00 00 a3 82
01
0060: 31 31 20 36 31 20 38 32 20 30 31 20 30 64 20 33 11 61 82 01
0d 3
0070: 30 20 38 32 20 30 31 20 30 39 20 61 30 20 30 33 0 82 01 09 a0
03
0080: 20 30 32 20 30 31 20 30 35 20 61 31 20 31 31 20 02 01 05 a1
11
0090: 31 62 20 30 66 20 35 35 20 34 65 20 34 39 20 34 1b 0f 55 4e
49 4
00A0: 31 20 34 65 20 34 34 20 34 35 20 35 33 20 32 65 1 4e 44 45 53
2e
00B0: 20 34 35 20 34 34 20 35 35 20 32 65 20 34 33 20 45 44 55 2e
43
00C0: 34 66 20 61 32 20 32 35 20 33 30 20 32 33 20 61 4f a2 25 30
23 a
00D0: 30 20 30 33 20 30 32 20 30 31 20 30 30 20 61 31 0 03 02 01 00
a1
00E0: 20 31 63 20 33 30 20 31 61 20 31 62 20 30 37 20 1c 30 1a 1b
07
00F0: 36 62 20 37 32 20 36 32 20 37 34 20 36 37 20 37 6b 72 62 74
67 7
0100: 34 20 33 32 20 31 62 20 30 66 20 35 35 20 34 65 4 32 1b 0f 55
4e
0110: 20 34 39 20 34 31 20 34 65 20 34 34 20 34 35 20 49 41 4e 44
45
0120: 35 33 20 32 65 20 34 35 20 34 34 20 35 35 20 32 53 2e 45 44
55 2
0130: 65 20 34 33 20 34 66 20 61 33 20 38 31 20 63 37 e 43 4f a3 81
c7
0140: 20 33 30 20 38 31 20 63 34 20 61 30 20 30 33 20 30 81 c4 a0
03
0150: 30 32 20 30 31 20 31 30 20 61 31 20 30 33 20 30 02 01 10 a1
03 0
0160: 32 20 30 31 20 30 33 20 61 32 20 38 31 20 62 37 2 01 03 a2 81
b7
0170: 20 30 34 20 38 31 20 62 34 20 39 31 20 37 36 20 04 81 b4 91
76
0180: 30 64 20 39 39 20 32 37 20 37 61 20 36 66 20 36 0d 99 27 7a
6f 6
0190: 38 20 39 34 20 62 64 20 32 65 20 62 63 20 61 33 8 94 bd 2e bc
a3
01A0: 20 63 65 20 34 36 20 65 66 20 64 63 20 63 36 20 ce 46 ef dc
c6
01B0: 38 33 20 33 32 20 38 61 20 61 66 20 66 33 20 32 83 32 8a af
f3 2
01C0: 32 20 37 61 20 31 36 20 37 32 20 31 39 20 61 65 2 7a 16 72 19
ae
01D0: 20 37 30 20 65 38 20 31 62 20 34 32 20 62 63 20 70 e8 1b 42
bc
01E0: 65 32 20 34 38 20 65 61 20 31 63 20 37 35 20 64 e2 48 ea 1c
75 d
01F0: 65 20 35 36 20 63 63 20 39 38 20 35 64 20 61 63 e 56 cc 98 5d
ac
0200: 20 36 66 20 65 62 20 64 30 20 66 31 20 61 66 20 6f eb d0 f1
af
0210: 36 33 20 61 35 20 65 35 20 34 36 20 61 35 20 31 63 a5 e5 46
a5 1
0220: 33 20 38 37 20 62 61 20 37 64 20 64 37 20 65 31 3 87 ba 7d d7
e1
0230: 20 65 35 20 34 34 20 32 32 20 33 65 20 64 36 20 e5 44 22 3e
d6
0240: 64 62 20 39 32 20 63 38 20 61 65 20 32 31 20 31 db 92 c8 ae
21 1
0250: 65 20 64 36 20 36 38 20 64 31 20 33 32 20 65 37 e d6 68 d1 32
e7
0260: 20 30 65 20 37 31 20 37 65 20 39 66 20 32 35 20 0e 71 7e 9f
25
0270: 61 61 20 37 34 20 65 39 20 30 39 20 66 37 20 30 aa 74 e9 09
f7 0
0280: 64 20 35 33 20 62 66 20 63 36 20 62 62 20 66 63 d 53 bf c6 bb
fc
0290: 20 32 36 20 33 30 20 30 31 20 62 31 20 64 35 20 26 30 01 b1
d5
02A0: 64 63 20 38 31 20 66 32 20 36 62 20 64 37 20 62 dc 81 f2 6b
d7 b
02B0: 66 20 31 63 20 37 34 20 36 61 20 35 39 20 63 34 f 1c 74 6a 59
c4
02C0: 20 66 36 20 66 35 20 66 63 20 34 62 20 65 32 20 f6 f5 fc 4b
e2
02D0: 61 32 20 35 66 20 66 37 20 31 63 20 61 62 20 38 a2 5f f7 1c
ab 8
02E0: 31 20 64 33 20 61 61 20 65 38 20 30 65 20 35 36 1 d3 aa e8 0e
56
02F0: 20 64 62 20 36 34 20 37 30 20 61 31 20 62 39 20 db 64 70 a1
b9
0300: 32 35 20 35 61 20 66 63 20 30 63 20 65 64 20 62 25 5a fc 0c
ed b
0310: 39 20 39 31 20 63 61 20 66 66 20 62 36 20 30 31 9 91 ca ff b6
01
0320: 20 38 30 20 66 31 20 36 38 20 34 36 20 39 61 20 80 f1 68 46
9a
0330: 32 33 20 30 62 20 65 36 20 38 38 20 64 36 20 61 23 0b e6 88
d6 a
0340: 34 20 63 64 20 65 37 20 33 36 20 66 32 20 30 35 4 cd e7 36 f2
05
0350: 20 63 63 20 38 32 20 61 65 20 31 66 20 30 64 20 cc 82 ae 1f
0d
0360: 31 33 20 35 64 20 36 66 20 36 31 20 32 64 20 34 13 5d 6f 61
2d 4
0370: 32 20 34 36 20 36 31 20 62 31 20 61 35 20 35 66 2 46 61 b1 a5
5f
0380: 20 32 61 20 34 36 20 61 38 20 36 37 20 38 62 20 2a 46 a8 67
8b
0390: 31 39 20 34 65 20 61 34 20 38 31 20 63 36 20 33 19 4e a4 81
c6 3
03A0: 30 20 38 31 20 63 33 20 61 30 20 30 33 20 30 32 0 81 c3 a0 03
02
03B0: 20 30 31 20 30 31 20 61 32 20 38 31 20 62 62 20 01 01 a2 81
bb
03C0: 30 34 20 38 31 20 62 38 20 31 34 20 62 65 20 30 04 81 b8 14
be 0
03D0: 36 20 36 61 20 30 34 20 39 62 20 62 31 20 65 35 6 6a 04 9b b1
e5
03E0: 20 38 32 20 34 36 20 39 66 20 39 65 20 62 31 20 82 46 9f 9e
b1
03F0: 37 37 20 31 61 20 37 30 20 65 35 20 62 62 20 35 77 1a 70 e5
bb 5
0400: 36 20 38 31 20 35 34 20 30 63 20 65 63 20 37 38 6 81 54 0c ec
78
0410: 20 64 32 20 33 65 20 34 61 20 32 34 20 66 39 20 d2 3e 4a 24
f9
0420: 30 65 20 31 32 20 39 64 20 36 30 20 32 33 20 31 0e 12 9d 60
23 1
0430: 37 20 65 39 20 34 66 20 66 31 20 61 39 20 34 63 7 e9 4f f1 a9
4c
0440: 20 33 64 20 30 37 20 63 38 20 63 65 20 66 33 20 3d 07 c8 ce
f3
0450: 34 65 20 62 37 20 66 34 20 34 61 20 63 31 20 32 4e b7 f4 4a
c1 2
0460: 64 20 64 64 20 31 33 20 39 38 20 35 34 20 34 66 d dd 13 98 54
4f
0470: 20 31 35 20 35 34 20 38 39 20 61 66 20 35 61 20 15 54 89 af
5a
0480: 62 62 20 33 33 20 64 38 20 62 32 20 65 36 20 31 bb 33 d8 b2
e6 1
0490: 38 20 34 32 20 35 30 20 63 38 20 62 66 20 65 61 8 42 50 c8 bf
ea
04A0: 20 33 63 20 32 62 20 62 34 20 32 37 20 32 32 20 3c 2b b4 27
22
04B0: 33 35 20 63 31 20 66 63 20 66 35 20 38 34 20 38 35 c1 fc f5
84 8
04C0: 39 20 31 34 20 61 63 20 61 33 20 32 32 20 62 35 9 14 ac a3 22
b5
04D0: 20 30 63 20 65 34 20 34 36 20 66 39 20 63 30 20 0c e4 46 f9
c0
04E0: 39 37 20 31 62 20 30 62 20 37 65 20 38 64 20 62 97 1b 0b 7e
8d b
04F0: 66 20 65 66 20 33 64 20 33 66 20 66 32 20 62 34 f ef 3d 3f f2
b4
0500: 20 64 33 20 65 64 20 65 33 20 62 64 20 30 36 20 d3 ed e3 bd
06
0510: 31 38 20 32 62 20 39 62 20 35 66 20 37 65 20 63 18 2b 9b 5f
7e c
0520: 66 20 39 34 20 33 32 20 35 65 20 37 34 20 66 66 f 94 32 5e 74
ff
0530: 20 62 61 20 34 66 20 38 64 20 62 35 20 64 34 20 ba 4f 8d b5
d4
0540: 34 37 20 32 62 20 35 34 20 64 33 20 63 31 20 65 47 2b 54 d3
c1 e
0550: 32 20 65 64 20 62 64 20 38 34 20 30 61 20 64 34 2 ed bd 84 0a
d4
0560: 20 31 66 20 34 37 20 32 30 20 31 35 20 33 32 20 1f 47 20 15
32
0570: 65 32 20 35 39 20 30 37 20 61 37 20 61 31 20 34 e2 59 07 a7
a1 4
0580: 31 20 37 39 20 38 66 20 31 36 20 33 37 20 30 39 1 79 8f 16 37
09
0590: 20 37 31 20 36 62 20 63 33 20 33 35 20 36 33 20 71 6b c3 35
63
05A0: 39 35 20 33 32 20 35 34 20 66 38 20 62 61 20 32 95 32 54 f8
ba 2
05B0: 33 20 37 61 20 39 36 20 38 65 20 61 36 20 30 63 3 7a 96 8e a6
0c
05C0: 20 66 31 20 65 33 20 32 37 20 33 33 20 33 38 20 f1 e3 27 33
38
05D0: 63 31 20 36 66 20 39 36 20 64 31 20 33 30 20 36 c1 6f 96 d1
30 6
05E0: 62 20 33 35 20 37 38 20 62 61 20 66 66 20 36 35 b 35 78 ba ff
65
05F0: 20
Context Established!
Client is alexmunoz/[EMAIL PROTECTED]
Server is krbtgt2/[EMAIL PROTECTED]
Remaining lifetime in seconds = 2147483647
Context mechanism = 1.2.840.113554.1.2.2
Initiator = alexmunoz/[EMAIL PROTECTED]
Acceptor = krbtgt2/[EMAIL PROTECTED]
Confidentiality (i.e., privacy) is available
Integrity is available
Mutual authentication took place!
QoP es: 0 [EMAIL PROTECTED]
Krb5Context.wrap: data=[48 65 6c 6c 6f 20 54 68 65 72 65 21 00 ]
Esto es una GSSException de wrap Security context init/accept not yet
called or context deleted (Mechanism level: Wrap called in invalid
state!)
GSSException: Security context init/accept not yet called or context
deleted (Mechanism level: Wrap called in invalid state!)
at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:785)
at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:342)
at SampleClient.main(SampleClient.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at MyAction.run(Login.java:225)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at Login.main(Login.java:187)
Esto es una GSSException de wrap Security context init/accept not yet
called or context deleted (Mechanism level: Wrap called in invalid
state!)
Will send wrap token of size 522
Esto es PrivilegedActionException - INI
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at MyAction.run(Login.java:225)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at Login.main(Login.java:187)
Caused by: java.io.EOFException
at java.io.DataInputStream.readInt(DataInputStream.java:358)
at SampleClient.main(SampleClient.java:264)
... 8 more
Esto es PrivilegedActionException - FIN
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
--- End Message ---
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
