[jcifs] SPNEGO NTLM/Kerberos
andlebedev
andlebedev at list.ru
Tue May 8 12:26:09 GMT 2007
Hello, venerable programmers!
I've big trouble with SPNEGO Kerberos, using jcifs pack "jcifs-spnego-0001.tar"
(http://lists.samba.org/archive/jcifs/2004-June/003497.html).
I done all settings by instruction (see upper link).
So, the trobule is:
when user connects from another computer to my web-apache-server, I get such log:
======================================================================================================
16:09:22,062 INFO AuthenticationFilter:185 - MSG: Negotiate YIIFSwYGKwYBBQUCoIIFPzCCBTugJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBREEggUNYIIFCQYJKoZIhvcSAQICAQBuggT4MIIE9KADAgEFoQMCAQ6iBwMFACAAAACjggQWYYIEEjCCBA6gAwIBBaEVGxNURVNUU1BORUdPLk5CS0kuTVNLoi4wLKADAgECoSUwIxsESFRUUBsbaW5mbzAzOC50ZXN0c3BuZWdvLm5ia2kubXNro4IDvjCCA7qgAwIBF6KCA7EEggOt94ygpjUupFl6DoOQAGxiXgXjVITemYbc4uEgoEUv5yiyx0huSPBikTWPfUUmy+gmODlEl2OYtlZDd8oGbkV0EScoA5+YkQtKBQN0G55k9R6Nk1dGPqfkRTrT8n9KwlHxlZ8nAEvBlkiSR7O9tuMUElvbK7yQV2fiwceHmdbm8MCSlWD3HC1SsC2jiyd1WRWggPa8H2HJuwNY2CrBPpPJV/t5tdiVBe4JnSb61lfAD4Ld3jSr5OUgaM5D4spUYW58EKAcc/33bmafxwcRCpMTvnqgy4avGlciNaf5sMU4sqliFXkkP9gXv3WwZYiysvuy1nlav6ni4265njhNBS//VP3M1tPdC9kX+XHN4OXmKY4vE6jsU+qEAHIJjmMd+/sDWe6qQVWUflA87Go675yxtfruYMNViBOaHImS+N1DNnbvbJ+O3SXZisDKKBxw28mEQrbxqpxurn5wOu2EcoRq2OYWb2WZubpYMjXxrw7dZs41l42rCEchKgAy242c5Gq7/FgrCLnTiVBLWlwOuG/DrGzEz9e+aAfapA5InpzL/XGBKaL2GFrQXDp8cerJ9AvUG4X/pqh6UWqQvMzEecaWxO9oXD6ljUrQcbDButcjHyHlf5CklCHE2Z52ndQ13
8pm4nFLihjEw6vcjpo02g3t4HjacDzScu8guGu+oNgHCe9Wm10RkLYUUiiY4IHfqXdu4lydof+SfaMHB9pfCa1r1tYhFwK0+qgZTM29W6FYuRbLWrSMfdsVIBeQRxRQCOVAeQ/8QsCBLD4i3Npo/QcfzSxMRYdUTXdhDaExtrFiMeG/TMBHumDAujoBQT1namhDgm8k3D+o309H2/vj6F23gDmaB4aIPbtVLmCuFXKQIJrJuBG2s0jmKBZaY2u6YZTR2FHXMLieOw5F6kiKn8vzKr66PeRt4+lm2osAx1lqeA7TuhwqTR8QXnCJk50tIaiq6ejr7pbGmtMeVfbHGDNt/ls40dl/MOf2KIJa4vmD7BPATUsmZFoN7FUc/23rpnG/8NXAbIISyoSwtXUjz73ud09jW9QLwmQUXey+Pc8htrTMrAJ+QpMzJNaovoLIrgdv3Igw6dGS5sc5mif9rwgEX3CiDj3V/MfyNSloT4L0+RjHEoTD5bUiPnwzPmErpiDdKlnN1ziU9wIv3+/6QWNluMNHBXdb4wBFOEvUqwZ48u1Jgx3Gwxeib8XyPe3YHy0rl4Y3YGWXNIXjnmUQz61HAdpV4806ODzxZPaG84qkgcQwgcGgAwIBF6KBuQSBtuR1ZasdMi0TKV//wLvGTeOJkgkoPi4MH6j2NEyShwGyt+xf9azPV71vq1RlqtXiie/zJh8q7mVxwgLzWOFaZ01jVIAQeVAn1u/q2c7dhbrjrQYya2WvpWnguErHSWgAPJ/WRM/M8L/aRH+Mube79C8Ah/iy880sn2aAacdVgRqx+YrlMdXCvAXwqeHAbwwdUriSGVNCBkXvA+oHbCs6T5KcCDQinV1oHkdU6QdMQ+zRgiw3xJm7
16:09:22,062 INFO AuthenticationFilter:199 - auth type: Negotiate
16:09:22,062 INFO AuthenticationFilter:201 - NEGOTIATE
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=10.230.231.96 UDP:88, timeout=30000, number of retries =3, #bytes=170
>>> KDCCommunication: kdc=10.230.231.96 UDP:88, timeout=30000,Attempt =1, #bytes=170
>>> KrbKdcReq send: #bytes read=661
>>> KrbKdcReq send: #bytes read=661
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/info038
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Found key for HTTP/info038 at TESTSPNEGO.TEST.MSK(17)
Found key for HTTP/info038 at TESTSPNEGO.TEST.MSK(3)
Found key for HTTP/info038 at TESTSPNEGO.TEST.MSK(1)
Found key for HTTP/info038 at TESTSPNEGO.TEST.MSK(16)
Found key for HTTP/info038 at TESTSPNEGO.TEST.MSK(23)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Checksum failed !
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
at jcifs.spnego.Authentication.processKerberos(Authentication.java:448)
at jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
at jcifs.spnego.Authentication.process(Authentication.java:235)
at ru.krb.filter.Negotiate.authenticate(Negotiate.java:45)
at ru.krb.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:203)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication.processKerberos(Authentication.java:431)
... 18 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
... 23 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication$ServerAction.run(Authentication.java:518)
... 25 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
... 30 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
... 32 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
... 38 more
16:09:25,527 ERROR [action]:253 - Servlet.service() for servlet action threw exception
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication.processKerberos(Authentication.java:431)
at jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
at jcifs.spnego.Authentication.process(Authentication.java:235)
at ru.krb.filter.Negotiate.authenticate(Negotiate.java:45)
at ru.krb.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:203)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
... 23 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication$ServerAction.run(Authentication.java:518)
... 25 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
... 30 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
... 32 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
... 38 more
===========================================================================
So, please help me anybody, I stuffed here, and don't know, who to fix this problem.
More information about the jcifs
mailing list