Error calling function protocol status: 1312

Max (Weijun) Wang Weijun.Wang at sun.com
Wed Oct 21 20:05:35 EDT 2009 

Hi Santiago

Java is coded to support type 4 ccache, it just hasn't made use of the  
tags inside. Can you send me a copy of your ccache?

It seems you've only specified debug=true in the JAAS config file.  
Please also add the system property sun.security.krb5.debug=true. I  
don't know how you launch the program. For the command line, it looks  
like  ---

     java -Dsun.security.krb5.debug=true YourApp

BTW, You mentioned the program works fine with kinit.exe from JDK. Can  
you show what the output in that case is?

Thanks
Max

On Oct 22, 2009, at 4:22 AM, Douglas E. Engert wrote:

>
>
> Santiago Rivas wrote:
>> After enabling debug mode, this is what I've got:
>> Case 1: No principal is specified in jaas.conf
>> *Debug is  true storeKey false useTicketCache true useKeyTab false
>> doNotPrompt fa
>> lse ticketCache is null isInitiator true KeyTab is null  
>> refreshKrb5Config is
>> fal
>> se principal is null tryFirstPass is false useFirstPass is false  
>> storePass
>> is fa
>> lse clearPass is false
>> Acquire TGT from Cache
>> Error calling function Protocol status: 1312
>> A specified logon session does not exist. It may already have been
>> terminated
>> Principal is null
>> null credentials from Ticket Cache
>> Username for Kerberos [santi]:*
>>
...
>> IMHO, it seems like JVM is not able to parse the credentials file  
>> generated
>> by NIM. Referring to the credentials cache, is there any "known
>> incompatibility" between NIM and JVM which I should be aware of?
>> Thanks again!
> This could be an issue of the cache version. NIM looks like it is  
> writing
> a type 4 cache. (First two bytes in the file are 0x05 0x04. The 0x04  
> is the
> version.) It could be Java only knows how to handle versions up to 3.
>
> In the MIT krb5.conf used by NIM, try adding to [libdefaults] sectiom:
> ccache_type = 3
>
> NIM will then write a type 3 cache.
>
> (This is not the only Kerberos feature that Java is way behind on  
> either.
> Using dns_lookup_kdc = 1 to use the DNS SRV records is a major one
> especially on Windows...)

More information about the krbdev mailing list