unknown error occuring while using mit kerberos implementation
Steve
steve.terapak at gmail.com
Mon Dec 14 14:36:27 EST 2009
Hi I have a working (gssapi) kerberos authentication mechanism built
into an application which is currently being deployed. It has been
bullet proof for the last month then recently at one location I am
receiving errors. It was working at the location for almost one month
then out of no where it stopped working. Here is a sample from gssapi
logs from the server.:
2009-12-09 10:42:14,307 DEBUG root - [GSSKerberos:getGSSInternalName]
Entering function
2009-12-09 10:42:14,338 INFO root -
[GSSKerberos:acceptSecurityContext]GSS_ACQUIRE_CRED being called
2009-12-09 10:42:14,354 INFO root -
[GSSKerberos:acceptSecurityContext]GSS_ACCEPT_SEC_CONTEXT being called
2009-12-09 10:42:14,354 ERROR root -
[GSSKerberos:acceptSecurityContext]Error in gss_accept_sec_context
(GSS_S_DEFECTIVE_TOKEN)
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]
Entering get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]
GSS-API error: Invalid token was supplied
2009-12-09 10:42:14,354 DEBUG root - [GSSKerberos:get_status_message]
Entering get_status_message
2009-12-09 10:42:14,354 ERROR root - [GSSKerberos:get_status_message]
GSS-API error: No error
2009-12-09 10:42:14,354 ERROR root -
[NetworkSecurity:AcceptClientToken]GSS Security context failed.
So it looks like an invalid token was passed from the client.
Something must have changed in the server environment but I am having
a hard time tracking it down. I was hoping some one could provide
some clues to where I can research. I reviewed the environment and it
looks like all the krb5.ini & environment variables are the same.
Thanks for the help in advance.
Steve
More information about the Kerberos
mailing list