[WARNING - NOT VIRUS SCANNED] Re: Error calling function protocol status: 1312
Santiago Rivas
sanribu at gmail.com
Fri Oct 23 04:01:04 EDT 2009
Ooops, it seems that rar attachment didin't work. I re-send the txt files...
2009/10/23 Santiago Rivas <sanribu at gmail.com>
> Hi,
>
> The application runs from the command line. Yesterday I ran it with the
> option you recommended (-Dsun.security.krb5.debug=true) and here you are the
> different outputs.
>
> *jvm.rar* includes both the credentials cache generated with JVM (kinit)
> and the output I get when I use them to run the Client.
>
> *nim.rar* includes both the credentials cache generated with NIM and the
> output I get when I use them to run the Client (one specifiyng the principal
> in the jaas.conf and another without doing it).
>
> Regards,
> Santi
>
>
> 2009/10/22 Max (Weijun) Wang <Weijun.Wang at sun.com>
>
> Hi Santiago
>>
>> Java is coded to support type 4 ccache, it just hasn't made use of the
>> tags inside. Can you send me a copy of your ccache?
>>
>> It seems you've only specified debug=true in the JAAS config file. Please
>> also add the system property sun.security.krb5.debug=true. I don't know how
>> you launch the program. For the command line, it looks like ---
>>
>> java -Dsun.security.krb5.debug=true YourApp
>>
>> BTW, You mentioned the program works fine with kinit.exe from JDK. Can you
>> show what the output in that case is?
>>
>> Thanks
>> Max
>>
>> On Oct 22, 2009, at 4:22 AM, Douglas E. Engert wrote:
>>
>>
>>>
>>> Santiago Rivas wrote:
>>>
>>>> After enabling debug mode, this is what I've got:
>>>> Case 1: No principal is specified in jaas.conf
>>>> *Debug is true storeKey false useTicketCache true useKeyTab false
>>>> doNotPrompt fa
>>>> lse ticketCache is null isInitiator true KeyTab is null
>>>> refreshKrb5Config is
>>>> fal
>>>> se principal is null tryFirstPass is false useFirstPass is false
>>>> storePass
>>>> is fa
>>>> lse clearPass is false
>>>> Acquire TGT from Cache
>>>> Error calling function Protocol status: 1312
>>>> A specified logon session does not exist. It may already have been
>>>> terminated
>>>> Principal is null
>>>> null credentials from Ticket Cache
>>>> Username for Kerberos [santi]:*
>>>>
>>>> ...
>>
>> IMHO, it seems like JVM is not able to parse the credentials file
>>>> generated
>>>> by NIM. Referring to the credentials cache, is there any "known
>>>> incompatibility" between NIM and JVM which I should be aware of?
>>>> Thanks again!
>>>>
>>> This could be an issue of the cache version. NIM looks like it is writing
>>> a type 4 cache. (First two bytes in the file are 0x05 0x04. The 0x04 is
>>> the
>>> version.) It could be Java only knows how to handle versions up to 3.
>>>
>>> In the MIT krb5.conf used by NIM, try adding to [libdefaults] sectiom:
>>> ccache_type = 3
>>>
>>> NIM will then write a type 3 cache.
>>>
>>> (This is not the only Kerberos feature that Java is way behind on either.
>>> Using dns_lookup_kdc = 1 to use the DNS SRV records is a major one
>>> especially on Windows...)
>>>
>>
>>
>
-------------- next part --------------
Initializing for:
username: null
password: null
servername: localhost
realm: ZIGIA.ORG
kdc: krb.zigia.org
config: ./jaas.conf
confName: Client
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Documents and Settings\santi\krb5cc_santi
>>>DEBUG <CCacheInputStream> client principal is santi at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> server principal is krbtgt/ZIGIA.ORG at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> key type: 1
>>>DEBUG <CCacheInputStream> auth time: Fri Oct 23 03:38:19 CEST 2009
>>>DEBUG <CCacheInputStream> start time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> end time: Fri Oct 23 13:38:19 CEST 2009
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags() INITIAL; PRE_AUTH;
Host address is /192.168.2.205
>>>DEBUG <CCacheInputStream>
>>> KrbCreds found the default ticket granting ticket in credential cache.
>>> Obtained TGT from LSA: Credentials:
client=santi at ZIGIA.ORG
server=krbtgt/ZIGIA.ORG at ZIGIA.ORG
authTime=20091023013819Z
startTime=19700101000000Z
endTime=20091023113819Z
renewTill=19700101000000Z
flags: INITIAL;PRE-AUTHENT
EType (int): 1
Principal is santi at ZIGIA.ORG
Commit Succeeded
Subject: [santi at ZIGIA.ORG]
Openning socket to localhost:2004 ...ok
>>> GSSClient... Getting client credentials for santi at ZIGIA.ORG
Found ticket for santi at ZIGIA.ORG to go to krbtgt/ZIGIA.ORG at ZIGIA.ORG expiring on Fri Oct 23 13:38:19 CEST 2009
>>> GSSClient... GSSManager creating security context
>>> GSSClient... Sending token to server over secure context
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: c8d39274
>>>crc32: 11001000110100111001001001110100
>>> KrbKdcReq send: kdc=krb.zigia.org UDP:88, timeout=30000, number of retries =3, #bytes=541
>>> KDCCommunication: kdc=krb.zigia.org UDP:88, timeout=30000,Attempt =1, #bytes=541
>>> KrbKdcReq send: #bytes read=537
>>> KrbKdcReq send: #bytes read=537
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: cdfedbc7
>>>crc32: 11001101111111101101101111000111
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: 29332451
>>>crc32: 101001001100110010010001010001
Krb5Context setting mySeqNumber to: 403616947
Created InitSecContextToken:
0000: 01 00 6E 82 01 CD 30 82 01 C9 A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 01 ......... ......
0020: 09 61 82 01 05 30 82 01 01 A0 03 02 01 05 A1 0B .a...0..........
0030: 1B 09 5A 49 47 49 41 2E 4F 52 47 A2 27 30 25 A0 ..ZIGIA.ORG.'0%.
0040: 03 02 01 00 A1 1E 30 1C 1B 09 6C 6F 63 61 6C 68 ......0...localh
0050: 6F 73 74 1B 0F 73 74 77 73 32 2E 7A 69 67 69 61 ost..stws2.zigia
0060: 2E 6F 72 67 A3 81 C3 30 81 C0 A0 03 02 01 01 A1 .org...0........
0070: 03 02 01 01 A2 81 B3 04 81 B0 6A 35 CE 06 FD 97 ..........j5....
0080: 9C 74 1C 38 D1 0B E6 BD F6 0F 10 A9 43 07 33 1F .t.8........C.3.
0090: 6A AD 64 D6 81 16 53 55 42 75 4E 05 6C 0D 7F 8F j.d...SUBuN.l...
00A0: A6 3D CB 83 CB BC 80 9F 02 C4 94 6E 82 50 E4 B7 .=.........n.P..
00B0: 1D 12 AF B8 4A 4D 43 AA BC 14 09 B6 B5 FF EC 71 ....JMC........q
00C0: 1A 6C 56 D4 A0 D5 A3 C3 97 5D B7 5F FE 20 A3 09 .lV......]._. ..
00D0: B0 C8 14 40 57 1C F8 01 31 FF 62 5F 4F 30 83 78 ... at W...1.b_O0.x
00E0: C6 15 B0 43 21 9C 41 F5 CF B7 D4 C3 DC 2D E1 A6 ...C!.A......-..
00F0: BB E8 38 B5 94 0A E8 C9 34 9B 64 19 FC 8A D5 8F ..8.....4.d.....
0100: 31 DA A7 F5 36 BB 36 4B 21 90 E7 58 6B E8 78 BD 1...6.6K!..Xk.x.
0110: 75 F5 25 95 5C 55 45 9C AF 95 A9 38 8F 8D 78 FC u.%.\UE....8..x.
0120: 0F 3B 00 3B 7B 6B BB 59 12 55 A4 81 A6 30 81 A3 .;.;.k.Y.U...0..
0130: A0 03 02 01 01 A2 81 9B 04 81 98 D6 92 62 5C 61 .............b\a
0140: 33 E6 AF 61 0E 46 82 9A F6 0F 3E 13 5F F2 2A 24 3..a.F....>._.*$
0150: 9B C7 02 CD FB 5E FD 33 E4 C2 DB 6B 2F 6C 9D 1B .....^.3...k/l..
0160: 0A 99 8E B0 2C E0 A7 28 F7 AB 7B 9A F9 F8 0E B8 ....,..(........
0170: 3C 07 7F F9 EB D7 A7 C7 24 F2 9F 70 30 5A 8A 30 <.......$..p0Z.0
0180: 97 01 6F 59 05 95 28 E4 4B EC FB 8B 97 EB 4F A7 ..oY..(.K.....O.
0190: A0 72 B6 AB 91 32 DC 86 E7 4B 32 40 77 84 D4 78 .r...2...K2 at w..x
01A0: BF 8A 88 68 48 09 9B ED 52 D5 D8 FB F9 10 06 AD ...hH...R.......
01B0: A7 59 F7 1B 2B BE B3 DA 83 12 BF 52 08 A6 3D 97 .Y..+......R..=.
01C0: CE 32 21 6A 08 D1 98 8D D7 32 22 62 A0 02 DC F5 .2!j.....2"b....
01D0: 79 AC C2 y..
Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: 48992ba5
>>>crc32: 1001000100110010010101110100101
Krb5Context setting peerSeqNumber to: 823071632
>>> GSSClient... Client message is [A sample message from client]
Krb5Context.wrap: data=[41 20 73 61 6d 70 6c 65 20 6d 65 73 73 61 67 65 20 66 72 6f 6d 20 63 6c 69 65 6e 74 ]
Krb5Context.wrap: token=[60 4b 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 00 00 ff ff 6b d7 9e 3e f8 ce ff 25 b2 16 b4 a3 6e f8 4e 09 34 03 56 1a d1 34 2d a8 2f b6 5c 4f 38 25 62 5a 37 9f 1a a6 a9 b1 c2 f3 f4 e9 fe 94 57 59 7b f5 f2 c0 09 5a 37 98 66 88 ]
Krb5Context.unwrap: token=[60 81 83 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 00 00 ff ff 3a 0d 5d 4f 36 de 64 33 aa af a2 d4 89 0e 7a ed 26 ed 5d 5b db 5e 2f e5 31 b0 11 9f 9d 76 e0 f4 6d 41 d1 41 3c 5b 4a 00 6f a8 21 f4 7c b8 e4 bd e2 51 3b 4a d7 a2 5a f2 41 7f 62 79 bb 5e 42 e7 79 cf f3 2a ce 23 e8 91 90 95 00 b4 8e 4e 7f 82 4f 77 05 b5 58 d3 da 93 67 71 7a e0 65 64 9c 48 16 17 44 bf 39 a4 f0 02 a8 c5 a4 6c b6 3c 31 ee ]
Krb5Context.unwrap: data=[3e 3e 3e 20 47 53 53 53 65 72 76 65 72 3a 20 53 65 63 75 72 65 20 43 6f 6e 74 65 78 74 20 65 73 74 61 62 6c 69 73 68 20 62 65 74 77 65 65 6e 20 5b 6c 6f 63 61 6c 68 6f 73 74 5d 20 61 6e 64 20 5b 73 61 6e 74 69 40 5a 49 47 49 41 2e 4f 52 47 5d ]
>>> GSSClient... Message recieved from Server [[B at 194df86]
Server Response >>> GSSServer: Secure Context establish between [localhost] and [santi at ZIGIA.ORG]
[Krb5LoginModule]: Entering logout
[Krb5LoginModule]: logged out Subject
-------------- next part --------------
Initializing for:
username: null
password: null
servername: localhost
realm: ZIGIA.ORG
kdc: krb.zigia.org
config: ./jaas.conf
confName: Client
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is santi tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Documents and Settings\santi\krb5cc_santi
>>>DEBUG <CCacheInputStream> client principal is santi at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> server principal is krbtgt/ZIGIA.ORG at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> key type: 18
>>>DEBUG <CCacheInputStream> auth time: Fri Oct 23 03:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> start time: Fri Oct 23 03:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> end time: Fri Oct 23 13:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> renew_till time: Fri Oct 30 02:41:49 CET 2009
>>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
>>>DEBUG <CCacheInputStream>
>>> KrbCreds found the default ticket granting ticket in credential cache.
>>> unsupported key type found the default TGT: 18
>> Acquire default native Credentials
>>> Found no TGT's in LSA
Principal is santi at ZIGIA.ORG
null credentials from Ticket Cache
Error calling function Protocol status: 1312
Un inicio de sesión especificado no existe. Es posible que haya finalizado.
-------------- next part --------------
Initializing for:
username: null
password: null
servername: localhost
realm: ZIGIA.ORG
kdc: krb.zigia.org
config: ./jaas.conf
confName: Client
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Documents and Settings\santi\krb5cc_santi
>>>DEBUG <CCacheInputStream> client principal is santi at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> server principal is krbtgt/ZIGIA.ORG at ZIGIA.ORG
>>>DEBUG <CCacheInputStream> key type: 18
>>>DEBUG <CCacheInputStream> auth time: Fri Oct 23 03:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> start time: Fri Oct 23 03:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> end time: Fri Oct 23 13:41:49 CEST 2009
>>>DEBUG <CCacheInputStream> renew_till time: Fri Oct 30 02:41:49 CET 2009
>>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
>>>DEBUG <CCacheInputStream>
>>> KrbCreds found the default ticket granting ticket in credential cache.
>>> unsupported key type found the default TGT: 18
>> Acquire default native Credentials
>>> Found no TGT's in LSA
Principal is null
null credentials from Ticket Cache
Error calling function Protocol status: 1312
Un inicio de sesión especificado no existe. Es posible que haya finalizado.
More information about the krbdev
mailing list