Error calling function protocol status: 1312

Santiago Rivas sanribu at gmail.com
Wed Oct 14 10:16:02 EDT 2009


Well, I do specify "useTicketCache=true" in the JAAS config file, but there
is something I must be missing, cause I cannot get it working with cached
tickets. In fact, I must provide username and password in the config file
(or via command line).

I can obtain TGT tickets with both Leash32 and Network Identity Manager
tools, but I cannot see where they are stored, if cached (just the same as
/tmp/krb5cc_1000 file in Linux...)?

So maybe the question should be: How do I configure the ticket cache in
Windows? Is it mandatory to be configured through LSA?

Thank you very much, Max!

Regards,
Santi

2009/10/14 Max (Weijun) Wang <Weijun.Wang at sun.com>

> Java tries to get the credentials cache (ccache) from Windows LSA if you
> specify useTicketCache=true in the JAAS config file. In some cases, Java
> believes there's a ccache at the beginning, but finally it cannot get one.
> For example, you login as an AD account but then purge the TGT using klist or
> kerbtray. Then, you will see this error.
>
> Without the ccache, Java will try the Kerberos login itself, you'll need to
> provide username and password in your program.
>
> -- Max
>
> On Oct 14, 2009, at 6:55 PM, Santiago Rivas wrote:
>
>> Hi again,
>>
>> After some tough work, it seems I've got my test environment configured and
>> working with DHCP server, DNS server, ldap and Domain Controller, running on
>> a GNU Linux Debian platform. I've also configured KDC + AS services on that
>> machine, and I'm glad to see that I'm able to create a secure context
>> between the server and other GNU Linux machine. I'm using GSS-API in Java
>> 1.6, and everything works fine.
>>
>> The problem comes when I run the same Java code on a Windows XP SP3 platform
>> with jdk 1.5.0_21 version installed. Just before the context is created, I
>> get the message:
>>
>> *Error calling function protocol status: 1312. A specified logon session
>> does not exist. It may already have been terminated.*
>>
>> But the most curious thing is that execution continues and secure context is
>> created indeed. I've also checked *krb5kdc.log* and verified that both TGT
>> and TGS tickets are generated and delivered correctly.
>>
>> I've searched the web and I've found many possible explanations, like:
>>
>> *"There is a problem with Windows API FormatMessage usage in a non English
>> locale"* - forums.sun
>> *"The identity associated with a KerberosToken2
>> <http://msdn.microsoft.com/en-us/library/microsoft.web.services2.security.tokens.kerberostoken2.aspx>
>> security token is being used for constrained delegation, but constrained
>> delegation is not configured correctly."* - msdn
>> *"There is a bug in Java 1.5"* - other source
>>
>> ... but none of them convinces me.
>> So the question is: Why is that message appearing? Should I worry about it?
>> How can I solve it?
>>
>> Thanks in advance!
>>
>> Regards,
>> Santi
>> _______________________________________________
>> krbdev mailing list             krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
>
>


