[WARNING - NOT VIRUS SCANNED] Re: Error calling function protocol status: 1312

Santiago Rivas sanribu at gmail.com
Fri Oct 23 03:58:13 EDT 2009 

Hi,

The application runs from the command line. Yesterday I ran it with the
option you recommended (-Dsun.security.krb5.debug=true) and here you are the
different outputs.

*jvm.rar* includes both the credentials cache generated with JVM (kinit) and
the output I get when I use them to run the Client.

*nim.rar* includes both the credentials cache generated with NIM and the
output I get when I use them to run the Client (one specifiyng the principal
in the jaas.conf and another without doing it).

Regards,
Santi


2009/10/22 Max (Weijun) Wang <Weijun.Wang at sun.com>

> Hi Santiago
>
> Java is coded to support type 4 ccache, it just hasn't made use of the tags
> inside. Can you send me a copy of your ccache?
>
> It seems you've only specified debug=true in the JAAS config file. Please
> also add the system property sun.security.krb5.debug=true. I don't know how
> you launch the program. For the command line, it looks like  ---
>
>    java -Dsun.security.krb5.debug=true YourApp
>
> BTW, You mentioned the program works fine with kinit.exe from JDK. Can you
> show what the output in that case is?
>
> Thanks
> Max
>
> On Oct 22, 2009, at 4:22 AM, Douglas E. Engert wrote:
>
>
>>
>> Santiago Rivas wrote:
>>
>>> After enabling debug mode, this is what I've got:
>>> Case 1: No principal is specified in jaas.conf
>>> *Debug is  true storeKey false useTicketCache true useKeyTab false
>>> doNotPrompt fa
>>> lse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config
>>> is
>>> fal
>>> se principal is null tryFirstPass is false useFirstPass is false
>>> storePass
>>> is fa
>>> lse clearPass is false
>>> Acquire TGT from Cache
>>> Error calling function Protocol status: 1312
>>> A specified logon session does not exist. It may already have been
>>> terminated
>>> Principal is null
>>> null credentials from Ticket Cache
>>> Username for Kerberos [santi]:*
>>>
>>> ...
>
>  IMHO, it seems like JVM is not able to parse the credentials file
>>> generated
>>> by NIM. Referring to the credentials cache, is there any "known
>>> incompatibility" between NIM and JVM which I should be aware of?
>>> Thanks again!
>>>
>> This could be an issue of the cache version. NIM looks like it is writing
>> a type 4 cache. (First two bytes in the file are 0x05 0x04. The 0x04 is
>> the
>> version.) It could be Java only knows how to handle versions up to 3.
>>
>> In the MIT krb5.conf used by NIM, try adding to [libdefaults] sectiom:
>> ccache_type = 3
>>
>> NIM will then write a type 3 cache.
>>
>> (This is not the only Kerberos feature that Java is way behind on either.
>> Using dns_lookup_kdc = 1 to use the DNS SRV records is a major one
>> especially on Windows...)
>>
>
>

More information about the krbdev mailing list