kfw error (GSS_S_DEFECTIVE_TOKEN) -- looking for direction

steve@terapak.com steve at terapak.com
Wed Dec 9 16:26:30 EST 2009


kfwdev list:
 
Hi, I have a working (gssapi) kerberos authentication mechanism built into an application which is currently being deployed.  It has been bulletproof for the last month, then recently at one location I am receiving errors.  It was working at the location for almost one month, then out of nowhere it stopped working.  Here is a sample from gssapi logs from the server:
 

2009-12-09 10:42:14,307 DEBUG root - [GSSKerberos:getGSSInternalName]Entering function
2009-12-09 10:42:14,338 INFO  root - [GSSKerberos:acceptSecurityContext]GSS_ACQUIRE_CRED being called
2009-12-09 10:42:14,354 INFO  root - [GSSKerberos:acceptSecurityContext]GSS_ACCEPT_SEC_CONTEXT being called
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:acceptSecurityContext]Error in gss_accept_sec_context (GSS_S_DEFECTIVE_TOKEN)
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]Entering get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]GSS-API error: Invalid token was supplied
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]Entering get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]GSS-API error: No error
2009-12-09 10:42:14,354 ERROR root - [NetworkSecurity:AcceptClientToken]GSS Security context failed.

So it looks like an invalid token was passed from the client.  Something must have changed in the server environment but I am having a hard time tracking it down.  I was hoping someone could provide some clues to where I can research.  I reviewed the environment and it looks like all the krb5.ini & environment variables are the same.
Thanks for the help in advance.
Steve

