Replay I/O operation failed XXX message

suma suma.s.gururaj at gmail.com
Fri Sep 18 00:48:06 EDT 2009


On Sep 16, 11:23 pm, Ken Raeburn <raeb... at MIT.EDU> wrote:
> On Sep 16, 2009, at 02:34, suma wrote:
>
> > I am running several Kerberos authentications in a multithreaded
> > application.  The application abruptly stopped with the message
> > "Replay I/O operation failed XXX"
>
> > When would the GSSAPI throw this error? Did the I/O not go through...
>
> It should probably say "Replay cache I/O operation failed", and give  
> some more detail.  Unfortunately, there are several places where some  
> kind of failing operation on the replay cache gets mapped into this  
> one internal error code.  My first guess would be that a replay cache  
> might have been left around under a different uid; it's expected that  
> all services sharing a given principal will operate under the same  
> uid, since they all need access to the same service principal key.
>
> Ken

Hi Ken and All,

Thanks for your reply.  Appreciate it.

I modified my program to see if the multiple threads are causing the
I/O error.  Now my program is single-threaded and performs the following
in a loop.

1.  Get TGT
2.  Sleep for 2 mins - to ensure the ST and the timestamp are unique
3.  Obtain ST
4.  Authenticate a user.
5.  Get a session for this user and disconnect the session.

When the program is run for a longer duration, typically after an
hour, I run into the "Replay I/O operation failed XXX" error.

I am using the Kerberos login module from JAAS for authentication.  Below
is the Java code that I am using to create the ST:

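==============================================================

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// m_user and m_spnName are defined elsewhere in the program.
// Each of the calls below can throw GSSException.
GSSManager manager = GSSManager.getInstance();

// OID of the Kerberos v5 GSS-API mechanism
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");

// Client (initiator) name and its credentials
GSSName clientName =
        manager.createName(m_user, GSSName.NT_USER_NAME);
GSSCredential clientCreds =
        manager.createCredential(
                clientName,
                GSSCredential.DEFAULT_LIFETIME,
                krb5Mechanism,
                GSSCredential.INITIATE_ONLY);

// Service principal the context is established with
GSSName peerName = manager.createName(m_spnName, null);
GSSContext secContext =
        manager.createContext(
                peerName,
                krb5Mechanism,
                clientCreds,
                GSSContext.DEFAULT_LIFETIME);

==============================================================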

Am I doing something wrong that is causing the Replay I/O error?  I
sincerely appreciate any pointers.

Thanks,
--Suma
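
Added example, not part of the original messages or of the krb5 code: one way to check the first guess in the quoted reply, a replay cache left behind under a different uid. It assumes file-based MIT krb5 replay caches named rc_* in $KRB5RCACHEDIR, else $TMPDIR, else /var/tmp; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: look for replay cache files owned by another uid.
# Assumptions (not from the thread): file-based MIT krb5 replay caches are
# named rc_* and live in $KRB5RCACHEDIR, else $TMPDIR, else /var/tmp.

# Print the directory the service is assumed to use for replay caches.
rcache_dir() {
    if [ -n "${KRB5RCACHEDIR:-}" ]; then
        printf '%s\n' "$KRB5RCACHEDIR"
    elif [ -n "${TMPDIR:-}" ]; then
        printf '%s\n' "$TMPDIR"
    else
        printf '%s\n' /var/tmp
    fi
}

# foreign_rcaches DIR UID
# Print every rc_* file directly inside DIR that is NOT owned by numeric UID.
foreign_rcaches() {
    find "$1" -maxdepth 1 -type f -name 'rc_*' ! -user "$2" 2>/dev/null
}

# check_rcaches DIR UID
# Return 0 when no replay cache in DIR belongs to another uid, 1 otherwise.
# A stale cache owned by another account cannot be opened or rewritten by
# the service, which is one way a replay cache I/O failure can arise.
check_rcaches() {
    found=$(foreign_rcaches "$1" "$2")
    if [ -n "$found" ]; then
        printf 'replay caches not owned by uid %s:\n%s\n' "$2" "$found" >&2
        return 1
    fi
    return 0
}

# Run as the account the service runs under:
#   check_rcaches "$(rcache_dir)" "$(id -u)"
```
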


