Server not found in Kerberos database while getting a service url ticket
vpouli
vpouli at gmail.com
Mon May 22 13:01:54 EDT 2006
Hello,
I have added to my Kerberos database the following principal:
"http://localhost:8080/axis/services/test".
(It's in a URL format instead of being in the format:
service/host@REALM.)
So, the thing is that I would like to acquire a service ticket for that
principal.
To request a service ticket I am using the GSS API and following these
steps:
import sun.security.krb5.KrbTgsRep;
import sun.security.krb5.PrincipalName;

class KrbClient {
    public static void main(String[] args) throws Exception {
        // ....
        // I have acquired the credentials from the ticket cache
        // ...
        PrincipalName serviceName =
            new PrincipalName("http://localhost:8080/axis/services/test");
        // create the TGS_REQ to ask for service tickets
        sun.security.krb5.KrbTgsReq tgs_req =
            new sun.security.krb5.KrbTgsReq(credentials, serviceName);
        tgs_req.send();
        // get the TGS_REP
        KrbTgsRep tgs_rep = tgs_req.getReply();
    }
}
and it gets the following error:
KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:67)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:235)
at KrbClient.requestServiceTicket(KrbClient.java:142)
at KrbClient.main(KrbClient.java:39)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:134)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:59)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:54)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:50)
... 3 more
From the debugging of the GSS API:
>>>KRBError:
sTime is Mon May 22 19:07:26 EEST 2006 1148314046000
suSec is 722233
error code is 7
error Message is Server not found in Kerberos database
crealm is GRID.ORG
cname is vpouli
realm is GRID.ORG
sname is http://localhost:8080/axis/services/test
From the KDC log file:
2006-05-22T19:40:59 TGS-REQ vpouli@GRID.ORG from IPv4:147.102.183.137 for http:/\/localhost:8080/axis/services/test@GRID.ORG
2006-05-22T19:40:59 Server not found in database: http:/\/localhost:8080/axis/services/test@GRID.ORG: No such entry in the database
2006-05-22T19:40:59 sending 155 bytes to IPv4:147.102.183.137
What I see is that when I request a ticket for a service principal
which contains "//" (like in http://localhost....) it puts an escape
character '\' between '//' and tries to find "http:/\/localhost..."
instead of "http://localhost....".
Is there something I can do about it?
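
As an added illustration (not part of the original message, and not code from the JDK or the KDC), the sketch below applies the usual text syntax for Kerberos principal names, where an unescaped '/' separates components, '@' starts the realm and '\' quotes the next character, to the strings quoted in the post. It shows that the URL as typed, the name printed in the KDC log and a single-component name holding the whole URL are three different component lists; which of these the database entry actually holds is not stated in the post. `parse_name` and `unparse_name` are hypothetical helper names.

```python
# Added example (not from the original post): simplified Kerberos
# principal-name text syntax. Assumption: '\' quotes only the next character.

def parse_name(text):
    """Split a principal string into (components, realm)."""
    components, current, realm = [], [], None
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            if i + 1 == len(text):
                raise ValueError("trailing backslash")
            current.append(text[i + 1])  # quoted character is taken literally
            i += 2
            continue
        if ch == "/":                    # unescaped '/' ends a component
            components.append("".join(current))
            current = []
        elif ch == "@":                  # unescaped '@' starts the realm
            realm = text[i + 1:]
            break
        else:
            current.append(ch)
        i += 1
    components.append("".join(current))
    return components, realm


def unparse_name(components, realm):
    """Render components back to text, quoting separators inside a component."""
    def quote(c):
        return "".join("\\" + ch if ch in "\\/@" else ch for ch in c)
    return "/".join(quote(c) for c in components) + "@" + realm


# Constructed inputs based on the strings quoted in the post.
URL = "http://localhost:8080/axis/services/test@GRID.ORG"
LOGGED = r"http:/\/localhost:8080/axis/services/test@GRID.ORG"

if __name__ == "__main__":
    for label, text in (("url as typed", URL), ("kdc log form", LOGGED)):
        comps, realm = parse_name(text)
        print(f"{label:13} {len(comps)} components: {comps}")
    whole = ["http://localhost:8080/axis/services/test"]
    print("one component", unparse_name(whole, "GRID.ORG"))
```

A KDC lookup compares component lists, so an entry stored under one of these forms is not found when the request carries another.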