JGSS: Integrity check on decrypted field failed (31)
vadim
vadim.tarassov at swissonline.ch
Wed Nov 8 03:05:49 EST 2006
Hi Michael,
Once I had to implement SPNEGO protocol, and I think I've seen such
errors. Most probably you unwrap SPNEGO tokens in wrong way, which leads
to corrupt (or invalid) GSSAPI token.
Best regards, vadim tarassov
On Mon, 2006-11-06 at 14:26 -0500, Michael B Allen wrote:
> I wrote an SPNEGO Java Servlet Filter that decodes the SPNEGO token,
> plucks out the krb5 mechToken and passes it to acceptSecContext. Works
> great on Linux/Jetty. Tomcat on Windows gives me the following exception.
> Basically it looks like it's failing to decrypt the ticket as if the
> password was wrong (but it's not). The service account is set for DES
> only. For the service credential, I manually create a KerberosKey with a
> plaintext password and enctype of "DES".
>
> Before I start doing byte for byte checking can anyone recommend potential
> reasons for this error?
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Integrity check on decrypted field failed (31))
> sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
> sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
> sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
> com.ibi.security.spnego.SpnegoFilter.doFilter(SpnegoFilter.java:262)
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list