Problem with Java (j2sdk1.4.2_03 on a Windows XP client) and

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Jun 1 09:01:45 EDT 2004


Apparently Java's Kerberos implementation does not
support using TCP connections to obtain Kerberos tickets.
This is required when using Windows 2003 Active Directory
as the KDC because the Kerberos tickets must include all
of the Windows ACL data.  The Kerberos tickets are therefore
larger then the maximum size of a UDP packet.

Jeffrey Altman


Rouiller Claude wrote:
> When I start (java-) kinit I get the following output:
> 
> C:\DEV\OioTutorial>java -Dsun.security.krb5.debug=true
> sun.security.krb5.internal.tools.Kinit sso_testuser
> Config name: c:\winnt\krb5.ini
> 
>>>>KinitOptions cache name is C:\Documents and
> 
> Settings\sso_testadmin\krb5cc_sso_testadmin
> Principal is sso_testuser at SSOTEST.RTC.CH
> Password for sso_testuser at SSOTEST.RTC.CH:123
> 
>>>>Kinit console input 123
>>>>Kinit realm name is SSOTEST.RTC.CH
>>>>Creating KrbAsReq
>>>>KrbKdcReq local addresses for pcc2079 are:
> 
> 
>         pcc2079/159.29.193.35
> 
>>>>KrbAsReq salt is SSOTEST.RTC.CHsso_testuser
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbAsReq calling createMessage
>>>>KrbAsReq in createMessage
>>>>KrbAsReq etypes are: 3 1
>>>>Kinit: sending as_req to realm SSOTEST.RTC.CH
>>>>KrbKdcReq send: kdc=rtcnt978.ssotest.rtc.ch UDP:88, timeout=30000,
> 
> number of retries =3, #bytes=251
> 
>>>>KDCCommunication: kdc=rtcnt978.ssotest.rtc.ch UDP:88,
> 
> timeout=30000,Attempt =1, #bytes=251
> 
>>>>KrbKdcReq send: #bytes read=100
>>>>KrbKdcReq send: #bytes read=100
>>>>reading response from kdc
>>>>KDCRep: init() encoding tag is 126 req type is 11
>>>>KRBError:
> 
>          sTime is Tue Jun 01 11:17:27 CEST 2004 1086081447000
>          suSec is 511665
>          error code is 52
>          error Message is Response too big for UDP, retry with TCP
>          realm is SSOTEST.RTC.CH
>          sname is krbtgt/SSOTEST.RTC.CH
> Exception in thread "main" java.lang.IllegalAccessError: tried to access
> class sun.security.krb5.KrbKdcReq from class
> sun.security.krb5.internal.tools.Kinit
>         at sun.security.krb5.internal.tools.Kinit.<init>(Unknown Source)
>         at sun.security.krb5.internal.tools.Kinit.main(Unknown Source)
> 
> Do you have any idea why i get this exception?
> 
> Thanks in advance
> Claude
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list