Java GSS/Kerberos issue - Authenticating server
Laurence
daceilo at gmail.com
Tue Nov 29 16:39:44 EST 2005
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is another/admin tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] user entered username: another/admin
principal is another/admin at REALM.COM
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 6E 98 91 1C 01 C7 1C 89
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 6E 98 91 1C 01 C7 1C 89
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: EF 4A 7F DC C2 5B 45 02 B9 86 9E 37 26 9E C2 92 .J...[E....7&...
0010: B3 5E 98 37 8C 20 AE 7C
[Krb5LoginModule] authentication failed
Integrity check on decrypted field failed (31) - PREAUTH_FAILED
- Failed to get login context:
javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized (Failed authentication to Kerberos Server)
    at org.apache.ws.security.kerberos.GSSAuthorizor.authorize(GSSAuthorizor.java:112)
    at org.apache.ws.security.kerberos.KerberosAuthorizor.authorize(KerberosAuthorizor.java:65)
    at org.apache.ws.security.processor.KerberosProcessor.handleToken(KerberosProcessor.java:75)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:287)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:190)
    at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:166)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
    at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
    at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
On the same box I run the client side, which looks like:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is true
[Krb5LoginModule] user entered username: laurence/admin
principal is laurence/admin at REALM.COM
Acquire TGT using AS Exchange
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 25 0D A7 B9 89 D5 A2 CE
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 25 0D A7 B9 89 D5 A2 CE
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 3E A1 75 68 C2 CB D5 94 0D 32 3B 1C 6D F8 A1 07 >.uh.....2;.m...
0010: 49 51 16 2A 1A 4A E9 1C
Commit Succeeded
Passwords are being used in both cases, and if I configure the client to
authenticate with the server's principal it works fine (from the client
side). So I know the username/password is correct (at least when I'm
going to execute the code).