Hi I have a working (gssapi) kerberos authentication mechanism built into an application which is currently being deployed. It has been bullet proof for the last month then recently at one location I am receiving errors. It was working at the location for almost one month then out of no where it stopped working. Here is a sample from gssapi logs from the server.:
2009-12-09 10:42:14,307 DEBUG root - [GSSKerberos:getGSSInternalName] Entering function 2009-12-09 10:42:14,338 INFO root - [GSSKerberos:acceptSecurityContext]GSS_ACQUIRE_CRED being called 2009-12-09 10:42:14,354 INFO root - [GSSKerberos:acceptSecurityContext]GSS_ACCEPT_SEC_CONTEXT being called 2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:acceptSecurityContext]Error in gss_accept_sec_context (GSS_S_DEFECTIVE_TOKEN) 2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message] Entering get_status_message 2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message] GSS-API error: Invalid token was supplied 2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message] Entering get_status_message 2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message] GSS-API error: No error 2009-12-09 10:42:14,354 ERROR root - [NetworkSecurity:AcceptClientToken]GSS Security context failed. So it looks like an invalid token was passed from the client. Something must have changed in the server environment but I am having a hard time tracking it down. I was hoping some one could provide some clues to where I can research. I reviewed the environment and it looks like all the krb5.ini & environment variables are the same. Thanks for the help in advance. Steve ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos