Replay I/O operation failed XXX message
suma
suma.s.gururaj at gmail.com
Fri Sep 18 00:48:06 EDT 2009
On Sep 16, 11:23 pm, Ken Raeburn <raeb... at MIT.EDU> wrote:
> On Sep 16, 2009, at 02:34, suma wrote:
>
> > I am running several Kerberos authentications in a multithreaded
> > application. The application abruptly stopped with the message
> > "Replay I/O operation failed XXX"
>
> > When would the GSSAPI throw this error. Did the I/O not go through...
>
> It should probably say "Replay cache I/O operation failed", and give
> some more detail. Unfortunately, there are several places where some
> kind of failing operation on the replay cache gets mapped into this
> one internal error code. My first guess would be that a replay cache
> might have been left around under a different uid; it's expected that
> all services sharing a given principal will operate under the same
> uid, since they all need access to the same service principal key.
>
> Ken
Hi Ken and All,
Thanks for your reply. Appreciate it.
I modified my program to see if the multiple threads are causing the I/
O error.
Now my program is single-threaded and performs the following in a
loop.
1. Get TGT
2. Sleep for 2 mins - to ensure the ST and the timestamp are unique
3. Obtain ST
4. Authenticate a user.
5. Get a session for this user and disconnect the session.
When the program is run for a longer duration - typically after an
hour. I run into the "Replay I/O operation failed XXX" error.
I am using kerberos login module from JAAS for authentication. Below
is the Java code that I am using to create ST
==============================================================
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
GSSName clientName =
manager.createName(m_user,
GSSName.NT_USER_NAME);
GSSCredential clientCreds =
manager.createCredential(
clientName,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName =
manager.createName(
m_spnName,
null);
GSSContext secContext =
manager.createContext(
peerName,
krb5Mechanism,
clientCreds,
GSSContext.DEFAULT_LIFETIME);
==============================================================
Am I doing something wrong that is causing the Replay I/O error. I
sincerely appreciate any pointers.
Thanks,
--Suma
More information about the Kerberos
mailing list