Java GSS/Kerberos issue - Autheticating server

Laurence daceilo at gmail.com
Tue Nov 29 14:31:22 EST 2005


Hey guys, hopefully someone can help me out here.

I am having a problem with authenticating a user to a KDC (I believe
the MIT reference implementation) using Java (JDK1.5 and JDK1.4)
through GSS.

Here is the background:

I have two processes running on one machine (Client and Server).

1. Client authenticates to kerberos server and logs in, uses the GSS
libraries to create a service ticket for destination server
(Authenticates with principal test/admin at realm.com).
2. Server receives request from client (Through soap transcation).
Generates a login context and tries to authenticate against the
kerberos server using test2/admin at realm.com. Server is returned an
error from the kerberos server (Integrity check on decrypted field
failed (31) - PREAUTH_FAILED).

If I configured the client to use the same username/password I can
authenticate on the client, but no matter what I put in the server it
fails.

I don't know the kerberos protocol well enough to know if I can even do
this (Having the server contact the KDC after a service ticket has been
issued to the client to authenticate). Is that why I'm getting what
I've read indicates a password error?



More information about the Kerberos mailing list