I've been struggling with configuring SPNEGO for the past week. I've used the SPNEGO WIZARD and believe I've read the notes and relevant posts. I've used the DIAGTOOL and all the initial checks and tests show no errors. However when I try to login I get the login screen and the log entries below are generated.
I'm out of ideas and was hoping someone could point me in the right direction or at least different direction.
Thanks in advance.
/Greg
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is null refreshKrb5Config is true principal is host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Refreshing Keytab
>>> KeyTabInputStream, readName(): MYDOMAIN.INT
>>> KeyTabInputStream, readName(): host
>>> KeyTabInputStream, readName(): srv-sppld1.MYDOMAIN.int
>>> KeyTab: load() entry length: 72; type: 3
principal's key obtained from the keytab
principal is host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbAsReq etypes are: 1
>>> KrbKdcReq send: kdc=192.168.90.31 UDP:88, timeout=30000, number of retries =3, #bytes=253
>>> KDCCommunication: kdc=192.168.90.31 UDP:88, timeout=30000,Attempt =1, #bytes=253
>>> KrbKdcReq send: #bytes read=1377
>>> KrbKdcReq send: #bytes read=1377
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: de4b1754
>>>crc32: 11011110010010110001011101010100
>>> KrbAsRep cons in KrbAsReq.getReply host/srv-sppld1.MYDOMAIN.int
Added server's keyKerberos Principal host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INTKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 29 94 10 40 FD 20 46 23
added Krb5Principal host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT to Subject
Commit Succeeded
Searching UME for user by attribute krb5principalname = host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT
Searching for user by attribute krb5principalname = host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT
Exception in SPNegologinModule.initialize.
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:82)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)