A problem with GSS-API (kdc = SEAM by SUN): GSSException Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31)) - GSSException: Defective token detected (Mechanism level: AP_REP token id does not match!
Don Alex
alexmunoz at uniandes.edu.co
Sun Nov 14 17:12:57 EST 2004
Hi doc!!!!:
I am running the Sample with tutorial "Use of JAAS Login Utility and
Java GSS-API for Secure Messages without JAAS programming"
KDC is a SEAM in Solaris 9
JDK 1.5
The Code are SampleClient.java y SampleServer.java without relevant
modifications
If anyone has any ideas I'm all ears.
Don Alex
SERVER:
Waiting for incoming connection...
Got connection from client /157.253.50.59
Will read input token of size 517 for processing by acceptSecContext
Debug is true storeKey true useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is false principal is null tryFirstPass is false useFirstPass is false
storePass is false clearPass is false
Kerberos username [root]: alexmunoz/utria.uniandes.edu.co
Kerberos password for alexmunoz/utria.uniandes.edu.co: al
[Krb5LoginModule] user entered username:
alexmunoz/utria.uniandes.edu.co
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
principal is alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
AB F1
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
AB F1
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: AD 58 02 92 1A 5E
B9 C2 BA 6D B0 64 0B 70 AE 1F .X...^...m.d.p..
0010: 6D 98 C8 16 68 A4 16 19
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
number of retries =3, #bytes=257
>>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
timeout=30000,Attempt =1, #bytes=257
>>> KrbKdcReq send: #bytes read=563
>>> KrbKdcReq send: #bytes read=563
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply alexmunoz/utria.uniandes.edu.co
Added server's keyKerberos Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: B9 86 13 75 13 2C AB F1
[Krb5LoginModule] added Krb5Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
Added server's keyKerberos Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: B9 86 13 75 13 2C AB F1
[Krb5LoginModule] added Krb5Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
Added server's keyKerberos Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
EncryptionKey: keyType=16 keyBytes (hex dump)=
0000: AD 58 02 92 1A 5E B9 C2 BA 6D B0 64 0B 70 AE 1F
.X...^...m.d.p..
0010: 6D 98 C8 16 68 A4 16 19
[Krb5LoginModule] added Krb5Principal
alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
Commit Succeeded
Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(3)
Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(16)
Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(1)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: b2075a55
>>>crc32: 10110010000001110101101001010101
GSSException Failure unspecified at GSS-API level (Mechanism level:
Integrity check on decrypted field failed (31))
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Integrity check on decrypted field failed (31))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at SampleServer.main(SampleServer.java:117)
Caused by: KrbException: Integrity check on decrypted field failed
(31)
at sun.security.krb5.internal.crypto.t.b(DashoA12275:154)
at sun.security.krb5.internal.crypto.s.b(DashoA12275:77)
at sun.security.krb5.EncryptedData.decrypt(DashoA12275:157)
at sun.security.krb5.KrbApReq.a(DashoA12275:266)
at sun.security.krb5.KrbApReq.<init>(DashoA12275:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
... 3 more
GSSException Failure unspecified at GSS-API level (Mechanism level:
Integrity check on decrypted field failed (31))
Will send token of size 517 from acceptSecContext.
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readInt(DataInputStream.java:358)
at SampleServer.main(SampleServer.java:111)
CLIENT:
Connected to server utria.uniandes.edu.co/157.253.50.59
Debug is true storeKey false useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
is false principal is null tryFirstPass is false useFirstPass is false
storePass is false clearPass is false
Kerberos username [root]: alexmunoz/utria.uniandes.edu.co
Kerberos password for alexmunoz/utria.uniandes.edu.co: al
[Krb5LoginModule] user entered username:
alexmunoz/utria.uniandes.edu.co
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
principal is alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
AB F1
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
AB F1
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: AD 58 02 92 1A 5E
B9 C2 BA 6D B0 64 0B 70 AE 1F .X...^...m.d.p..
0010: 6D 98 C8 16 68 A4 16 19
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 16.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
number of retries =3, #bytes=257
>>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
timeout=30000,Attempt =1, #bytes=257
>>> KrbKdcReq send: #bytes read=563
>>> KrbKdcReq send: #bytes read=563
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply alexmunoz/utria.uniandes.edu.co
Commit Succeeded
Found ticket for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to go
to krbtgt/UNIANDES.EDU.CO at UNIANDES.EDU.CO expiring on Sun Nov 14
22:00:17 COT 2004
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 16.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
number of retries =3, #bytes=619
>>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
timeout=30000,Attempt =1, #bytes=619
>>> KrbKdcReq send: #bytes read=557
>>> KrbKdcReq send: #bytes read=557
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: -1456
Created InitSecContextToken:
0000: 30 31 20 30 30 20 36 65 20 38 32 20 30 31 20 66 01 00 6e 82
01 f
0010: 30 20 33 30 20 38 32 20 30 31 20 65 63 20 61 30 0 30 82 01 ec
a0
0020: 20 30 33 20 30 32 20 30 31 20 30 35 20 61 31 20 03 02 01 05
a1
0030: 30 33 20 30 32 20 30 31 20 30 65 20 61 32 20 30 03 02 01 0e
a2 0
0040: 37 20 30 33 20 30 35 20 30 30 20 32 30 20 30 30 7 03 05 00 20
00
0050: 20 30 30 20 30 30 20 61 33 20 38 31 20 66 64 20 00 00 a3 81
fd
0060: 36 31 20 38 31 20 66 61 20 33 30 20 38 31 20 66 61 81 fa 30
81 f
0070: 37 20 61 30 20 30 33 20 30 32 20 30 31 20 30 35 7 a0 03 02 01
05
0080: 20 61 31 20 31 31 20 31 62 20 30 66 20 35 35 20 a1 11 1b 0f
55
0090: 34 65 20 34 39 20 34 31 20 34 65 20 34 34 20 34 4e 49 41 4e
44 4
00A0: 35 20 35 33 20 32 65 20 34 35 20 34 34 20 35 35 5 53 2e 45 44
55
00B0: 20 32 65 20 34 33 20 34 66 20 61 32 20 32 34 20 2e 43 4f a2
24
00C0: 33 30 20 32 32 20 61 30 20 30 33 20 30 32 20 30 30 22 a0 03
02 0
00D0: 31 20 30 30 20 61 31 20 31 62 20 33 30 20 31 39 1 00 a1 1b 30
19
00E0: 20 31 62 20 30 36 20 36 62 20 37 32 20 36 32 20 1b 06 6b 72
62
00F0: 37 34 20 36 37 20 37 34 20 31 62 20 30 66 20 35 74 67 74 1b
0f 5
0100: 35 20 34 65 20 34 39 20 34 31 20 34 65 20 34 34 5 4e 49 41 4e
44
0110: 20 34 35 20 35 33 20 32 65 20 34 35 20 34 34 20 45 53 2e 45
44
0120: 35 35 20 32 65 20 34 33 20 34 66 20 61 33 20 38 55 2e 43 4f
a3 8
0130: 31 20 62 36 20 33 30 20 38 31 20 62 33 20 61 30 1 b6 30 81 b3
a0
0140: 20 30 33 20 30 32 20 30 31 20 30 31 20 61 32 20 03 02 01 01
a2
0150: 38 31 20 61 62 20 30 34 20 38 31 20 61 38 20 30 81 ab 04 81
a8 0
0160: 31 20 35 34 20 39 38 20 34 37 20 61 35 20 32 32 1 54 98 47 a5
22
0170: 20 66 66 20 38 33 20 39 31 20 35 36 20 65 37 20 ff 83 91 56
e7
0180: 39 64 20 30 65 20 61 65 20 63 62 20 62 61 20 38 9d 0e ae cb
ba 8
0190: 34 20 32 39 20 33 65 20 32 33 20 32 66 20 61 36 4 29 3e 23 2f
a6
01A0: 20 34 63 20 63 31 20 31 34 20 36 63 20 64 64 20 4c c1 14 6c
dd
01B0: 36 38 20 31 30 20 66 33 20 61 38 20 62 32 20 66 68 10 f3 a8
b2 f
01C0: 61 20 32 30 20 62 33 20 38 63 20 34 38 20 32 37 a 20 b3 8c 48
27
01D0: 20 31 66 20 39 39 20 33 33 20 35 65 20 31 36 20 1f 99 33 5e
16
01E0: 38 64 20 33 31 20 35 32 20 66 39 20 32 65 20 64 8d 31 52 f9
2e d
01F0: 32 20 38 35 20 30 37 20 63 64 20 64 64 20 31 64 2 85 07 cd dd
1d
0200: 20 62 64 20 37 34 20 37 62 20 30 65 20 36 62 20 bd 74 7b 0e
6b
0210: 36 39 20 33 64 20 30 65 20 35 31 20 34 31 20 64 69 3d 0e 51
41 d
0220: 66 20 62 36 20 30 35 20 66 65 20 62 37 20 37 61 f b6 05 fe b7
7a
0230: 20 62 38 20 61 32 20 61 31 20 31 65 20 65 39 20 b8 a2 a1 1e
e9
0240: 64 62 20 62 39 20 36 62 20 31 34 20 30 62 20 34 db b9 6b 14
0b 4
0250: 63 20 31 63 20 64 64 20 62 31 20 65 30 20 32 66 c 1c dd b1 e0
2f
0260: 20 62 30 20 34 36 20 39 63 20 35 35 20 30 65 20 b0 46 9c 55
0e
0270: 33 64 20 66 61 20 38 65 20 66 37 20 33 64 20 35 3d fa 8e f7
3d 5
0280: 63 20 30 65 20 66 39 20 36 36 20 64 36 20 62 63 c 0e f9 66 d6
bc
0290: 20 62 31 20 61 32 20 66 36 20 34 35 20 62 35 20 b1 a2 f6 45
b5
02A0: 39 32 20 62 62 20 65 35 20 62 31 20 63 33 20 32 92 bb e5 b1
c3 2
02B0: 65 20 64 61 20 61 62 20 65 38 20 63 35 20 31 39 e da ab e8 c5
19
02C0: 20 39 62 20 36 37 20 38 63 20 30 64 20 37 33 20 9b 67 8c 0d
73
02D0: 30 61 20 65 65 20 36 63 20 65 33 20 39 35 20 64 0a ee 6c e3
95 d
02E0: 39 20 64 32 20 34 61 20 32 66 20 38 64 20 39 65 9 d2 4a 2f 8d
9e
02F0: 20 35 35 20 38 30 20 37 33 20 32 32 20 34 61 20 55 80 73 22
4a
0300: 66 61 20 61 30 20 63 39 20 39 66 20 37 65 20 33 fa a0 c9 9f
7e 3
0310: 32 20 63 63 20 30 62 20 62 37 20 66 34 20 63 66 2 cc 0b b7 f4
cf
0320: 20 36 65 20 61 30 20 32 31 20 65 35 20 32 64 20 6e a0 21 e5
2d
0330: 32 64 20 66 62 20 34 62 20 66 34 20 39 37 20 36 2d fb 4b f4
97 6
0340: 66 20 64 66 20 35 33 20 61 35 20 36 31 20 36 33 f df 53 a5 61
63
0350: 20 61 34 20 32 31 20 61 34 20 38 31 20 64 36 20 a4 21 a4 81
d6
0360: 33 30 20 38 31 20 64 33 20 61 30 20 30 33 20 30 30 81 d3 a0
03 0
0370: 32 20 30 31 20 30 33 20 61 32 20 38 31 20 63 62 2 01 03 a2 81
cb
0380: 20 30 34 20 38 31 20 63 38 20 66 35 20 34 61 20 04 81 c8 f5
4a
0390: 39 34 20 66 37 20 64 66 20 32 35 20 31 65 20 62 94 f7 df 25
1e b
03A0: 36 20 38 32 20 38 35 20 63 36 20 37 31 20 33 30 6 82 85 c6 71
30
03B0: 20 61 62 20 64 62 20 64 66 20 38 65 20 36 38 20 ab db df 8e
68
03C0: 62 31 20 33 35 20 34 65 20 30 34 20 35 61 20 30 b1 35 4e 04
5a 0
03D0: 35 20 32 62 20 31 36 20 65 61 20 38 65 20 35 35 5 2b 16 ea 8e
55
03E0: 20 37 63 20 34 63 20 66 37 20 31 62 20 34 64 20 7c 4c f7 1b
4d
03F0: 65 33 20 63 63 20 37 33 20 64 38 20 37 38 20 64 e3 cc 73 d8
78 d
0400: 63 20 64 31 20 36 66 20 38 63 20 34 39 20 30 35 c d1 6f 8c 49
05
0410: 20 34 33 20 36 61 20 35 35 20 66 37 20 64 65 20 43 6a 55 f7
de
0420: 38 64 20 63 65 20 31 33 20 35 37 20 66 38 20 33 8d ce 13 57
f8 3
0430: 31 20 31 35 20 36 62 20 64 31 20 31 61 20 36 39 1 15 6b d1 1a
69
0440: 20 63 33 20 30 33 20 30 30 20 32 66 20 34 35 20 c3 03 00 2f
45
0450: 36 33 20 62 63 20 63 30 20 30 62 20 39 36 20 33 63 bc c0 0b
96 3
0460: 66 20 33 36 20 36 39 20 36 65 20 63 39 20 38 64 f 36 69 6e c9
8d
0470: 20 39 37 20 61 63 20 38 34 20 62 30 20 39 30 20 97 ac 84 b0
90
0480: 37 30 20 36 63 20 32 38 20 30 62 20 35 30 20 65 70 6c 28 0b
50 e
0490: 33 20 65 61 20 62 38 20 61 31 20 35 34 20 62 63 3 ea b8 a1 54
bc
04A0: 20 39 37 20 34 39 20 66 65 20 31 37 20 30 39 20 97 49 fe 17
09
04B0: 62 39 20 64 35 20 39 31 20 63 36 20 35 36 20 38 b9 d5 91 c6
56 8
04C0: 39 20 34 33 20 61 66 20 38 36 20 31 35 20 65 66 9 43 af 86 15
ef
04D0: 20 65 66 20 64 37 20 63 66 20 64 62 20 37 33 20 ef d7 cf db
73
04E0: 38 65 20 64 39 20 65 63 20 33 31 20 65 34 20 31 8e d9 ec 31
e4 1
04F0: 63 20 34 64 20 61 62 20 61 34 20 63 39 20 61 63 c 4d ab a4 c9
ac
0500: 20 65 66 20 32 62 20 30 30 20 31 66 20 38 63 20 ef 2b 00 1f
8c
0510: 31 31 20 64 36 20 39 30 20 64 36 20 66 64 20 38 11 d6 90 d6
fd 8
0520: 63 20 61 36 20 30 66 20 30 61 20 39 66 20 62 61 c a6 0f 0a 9f
ba
0530: 20 34 39 20 31 65 20 35 63 20 63 36 20 65 34 20 49 1e 5c c6
e4
0540: 36 34 20 61 61 20 63 33 20 64 66 20 32 63 20 32 64 aa c3 df
2c 2
0550: 32 20 63 34 20 30 66 20 39 30 20 64 36 20 63 62 2 c4 0f 90 d6
cb
0560: 20 35 39 20 39 31 20 63 39 20 39 39 20 36 38 20 59 91 c9 99
68
0570: 37 38 20 63 65 20 31 37 20 35 31 20 31 61 20 62 78 ce 17 51
1a b
0580: 37 20 63 30 20 66 63 20 63 33 20 36 30 20 39 30 7 c0 fc c3 60
90
0590: 20 31 39 20 61 31 20 30 62 20 35 61 20 38 31 20 19 a1 0b 5a
81
05A0: 61 34 20 31 30 20 64 37 20 34 64 20 36 39 20 61 a4 10 d7 4d
69 a
05B0: 65 20 36 61 20 63 37 20 63 35 20 66 63 20 63 39 e 6a c7 c5 fc
c9
05C0: 20 63 34 20 61 39 20 37 33 20 30 66 20 37 63 20 c4 a9 73 0f
7c
05D0: 36 32 20 62 39 20 37 61 20 65 38 20 39 39 20 36 62 b9 7a e8
99 6
05E0: 30 20
Will send token of size 517 from initSecContext.
Will read input token of size 517 for processing by initSecContext
Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
Exception in thread "main" GSSException: Defective token detected
(Mechanism level: AP_REP token id does not match!)
at sun.security.jgss.krb5.AcceptSecContextToken.<init>(AcceptSecContextToken.java:65)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:640)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
at SampleClient.main(SampleClient.java:144)
More information about the Kerberos
mailing list