Thanks guys for all your help. I've now handed the project off to another
group to look at... I could get the client to autheticate using either the
JAAS methodology or use straight GSS with the keytab file, but I could not
get the server portion to work either way.
Thanks again so much!
On
I think your problem is in the use of the createName.
Normally a services uses a Kerbeors principal of service/host@realm
You are trying to use a user principal another/[EMAIL PROTECTED]
The use of the @ when calling the createName is not the same
as used in a Kerberos principal. (GSS is
Douglas E. Engert wrote:
Laurence Brockman wrote:
Tried that already too and received:
GSSException: GSSException: No valid credentials provided (Mechanism
level:
Failed to find any Kerberos Key)
Then you have to get the key into the keytab. This is the way a server
works,
It does
Laurence Brockman wrote:
[EMAIL PROTECTED] laurence]# more /tmp/jaas.conf
/** Login Configuration
**/
JaasServer {
com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true
storeKey=true keyTab=/etc/krb5.keytab;
};
*Code from GSSAuthorizor:*
GSSManager manager =
Laurence Brockman wrote:
Tried that already too and received:
GSSException: GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos Key)
Then you have to get the key into the keytab. This is the way a server works,
It does not try and get a ticket.
The server is running on the same machine as the client.
I have one development box running.
Server is running as a tomcat servlet (Utilizing Apache's Axis SOAP
interface). The client contacts the kerberos server, grabs the appropriate
ticket and uses the GSS API to generate a ticket. The
On 11/30/05, Douglas E. Engert [EMAIL PROTECTED] wrote:
So you are using GSSAPI, and passing the GSSAPI tokens via soap betwen the
clint and server. And the server accepts the authentication.
Prior to the server even looking at the packet from the client, it needs to
contact the kerberos
If I do not try and use the lc.login() method and instead try to pull from
the /etc/krb5.keytab file then I get the below error:
10988 [http-8080-Processor25] DEBUG
org.apache.ws.security.kerberos.GSSAuthorizor - Setting Realm/KDC/Config to
BWOO.COM/10.0.78.20//tmp/jaas.conf
10988
Laurence wrote:
Hey guys, hopefully someone can help me out here.
I am having a problem with authenticating a user to a KDC (I believe
the MIT reference implementation) using Java (JDK1.5 and JDK1.4)
through GSS.
Here is the background:
I have two processes running on one machine (Client
Laurence Brockman wrote:
I can authenticate as that particular principal in the client portion of the
code that I have written using exactly the same case, etc.
I have a server and a client portion of code that pass GSS-wrapped kerberos
tokens through a SOAP connection
So you are using
Douglas E. Engert wrote On 11/30/05 08:27,:
Laurence wrote:
Hey guys, hopefully someone can help me out here.
I am having a problem with authenticating a user to a KDC (I believe
the MIT reference implementation) using Java (JDK1.5 and JDK1.4)
through GSS.
Here is the background:
I have
Laurence Brockman wrote:
On 11/30/05, Douglas E. Engert [EMAIL PROTECTED] wrote:
So you are using GSSAPI, and passing the GSSAPI tokens via soap betwen the
clint and server. And the server accepts the authentication.
Prior to the server even looking at the packet from the client, it
Hey guys, hopefully someone can help me out here.
I am having a problem with authenticating a user to a KDC (I believe
the MIT reference implementation) using Java (JDK1.5 and JDK1.4)
through GSS.
Here is the background:
I have two processes running on one machine (Client and Server).
1.
Debug is true storeKey false useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is false principal is another/admin tryFirstPass is false useFirstPass
is false storePass is false clearPass is false
[Krb5LoginModule]
14 matches
Mail list logo