[jcifs] Re: Kerberos Problem

Jan Gärtner gaert at gg-see.de
Mon Mar 19 07:37:22 GMT 2007


OK, I'll try to explain my problem in more detail. I'm trying to connect to a
CIFS share in a Windows 2003 Server environment from a J2EE application on a
WAS server (IBM JRE 1.4.2) to list files and folders of this share. Since NTLM
authentication seems not to be secure enough (even though it is working fine),
I want to implement Kerberos authentication.

And here I am facing the problem that the authentication seems to work at
first glance, but then an exception is thrown.

Here is the output:

[JGSS_DBG_CRED] JAAS config: debug=true
[JGSS_DBG_CRED] JAAS config: principal=user at AD.TEST.LOCAL
[JGSS_DBG_CRED] JAAS config: credsType=initiate only (default)
[JGSS_DBG_CRED] JAAS config: useDefaultCcache=false (default)
[JGSS_DBG_CRED] JAAS config: useDefaultKeytab=false (default)
[JGSS_DBG_CRED] JAAS config: forwardable=false (default)
[JGSS_DBG_CRED] JAAS config: proxiable=false (default)
[JGSS_DBG_CRED] JAAS config: noAddress=false (default)
[JGSS_DBG_CRED] JAAS config: tryFirstPass=true
[JGSS_DBG_CRED] JAAS config: useFirstPass=false (default)
[JGSS_DBG_CRED] JAAS config: moduleBanner=false (default)
[JGSS_DBG_CRED] JAAS config: interactive login? yes
[JGSS_DBG_CRED] Doing Kerberos login for principal user at AD.TEST.LOCAL
[KRB_DBG_KDC] HostAddresses:main: >>> KrbKdcReq local addresses for PC are:
[KRB_DBG_KDC] HostAddresses:main:
	CL3G7297/9.155.25.169
[KRB_DBG_KDC] HostAddresses:main:
	CL3G7297/192.168.59.1
[KRB_DBG_KDC] HostAddresses:main:
	CL3G7297/192.168.10.1
[KRB_DBG_KDC] EncryptionKey:main: >>> EncryptionKey: config default key type is des-cbc-crc
[KRB_DBG_KDC] KrbKdcReq:main: >>> KrbKdcReq send: kdc=bcrs-finanzit3.AD.TEST.LOCAL UDP:88, timeout=30000, number of retries =3, #bytes=254
[KRB_DBG_KDC] KrbKdcReq:main: >>> KrbKdcReq send: #bytes read=1295
[KRB_DBG_KDC] KrbKdcReq:main: >>> KrbKdcReq send: #bytes read=1295
[JGSS_DBG_CRED] Kerberos login complete
[KRB_DBG_KDC] Credentials:main:Client Name:user at AD.TEST.LOCAL
[KRB_DBG_KDC] Credentials:main: Session Key is Only Service Key
[KRB_DBG_KDC] Credentials:main: Session Key is Only Service Key
[JGSS_DBG_CRED] Login successful
[JGSS_DBG_CRED] user at AD.TEST.LOCAL added to Subject
[JGSS_DBG_CRED] Kerberos ticket for user at AD.TEST.LOCAL added to Subject
[JGSS_DBG_CRED] No keys to add to Subject for user at AD.TEST.LOCAL
[KRB_DBG_KDC] Credentials:main:Client Name:user at AD.TEST.LOCAL
org.ietf.jgss.GSSException, Hauptcode: 16, Nebencode: 0
  Hauptzeichenfolge: Operation ist nicht verfügbar oder nicht implementiert
  Nebenzeichenfolge: Nicht implementiert
  at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java)
  at com.ibm.security.jgss.mech.krb5.k.requestAnonymity(k.java:541)
  at com.ibm.security.jgss.GSSContextImpl.requestAnonymity(GSSContextImpl.java)
  at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:235)
  at jcifs.smb.Kerb5Authenticator.setup(Kerb5Authenticator.java:181)
  at jcifs.smb.Kerb5Authenticator.access$000(Kerb5Authenticator.java:24)
  at jcifs.smb.Kerb5Authenticator$1.run(Kerb5Authenticator.java:162)
  at java.security.AccessController.doPrivileged1(Native Method)
  at java.security.AccessController.doPrivileged(AccessController.java:389)
  at javax.security.auth.Subject.doAs(Subject.java:555)
  at jcifs.smb.Kerb5Authenticator.sessionSetup(Kerb5Authenticator.java:160)
  at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:298)
  at jcifs.smb.SmbSession.send(SmbSession.java:269)
  at jcifs.smb.SmbTree.treeConnect(SmbTree.java:154)
  at jcifs.smb.SmbFile.connect(SmbFile.java:806)
  at jcifs.smb.SmbFile.connect0(SmbFile.java:772)
  at jcifs.smb.SmbFile.send(SmbFile.java:663)
  at jcifs.smb.SmbFile.doFindFirstNext(SmbFile.java:1805)
  at jcifs.smb.SmbFile.listFiles(SmbFile.java:1641)
  at jcifs.smb.SmbFile.listFiles(SmbFile.java:1525)
  at cifsAccessPrototype.KerberosAuthExample2.main(KerberosAuthExample2.java)
jcifs.smb.SmbException: org.ietf.jgss.GSSException, Hauptcode: 16, Nebencode: 0
  Hauptzeichenfolge: Operation ist nicht verfügbar oder nicht implementiert
  Nebenzeichenfolge: Nicht implementiert
  at jcifs.smb.Kerb5Authenticator.setup(Kerb5Authenticator.java:219)
  at jcifs.smb.Kerb5Authenticator.access$000(Kerb5Authenticator.java:24)
  at jcifs.smb.Kerb5Authenticator$1.run(Kerb5Authenticator.java:162)
  at java.security.AccessController.doPrivileged1(Native Method)
  at java.security.AccessController.doPrivileged(AccessController.java:389)
  at javax.security.auth.Subject.doAs(Subject.java:555)
  at jcifs.smb.Kerb5Authenticator.sessionSetup(Kerb5Authenticator.java:160)
  at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:298)
  at jcifs.smb.SmbSession.send(SmbSession.java:269)
  at jcifs.smb.SmbTree.treeConnect(SmbTree.java:154)
  at jcifs.smb.SmbFile.connect(SmbFile.java:806)
  at jcifs.smb.SmbFile.connect0(SmbFile.java:772)
  at jcifs.smb.SmbFile.send(SmbFile.java:663)
  at jcifs.smb.SmbFile.doFindFirstNext(SmbFile.java:1805)
  at jcifs.smb.SmbFile.listFiles(SmbFile.java:1641)
  at jcifs.smb.SmbFile.listFiles(SmbFile.java:1525)
  at cifsAccessPrototype.KerberosAuthExample2.main(KerberosAuthExample2.java)

I hope someone can help...