Skip to Content
0
Former Member
Mar 19, 2007 at 10:20 PM

SPNEGO Problems.

99 Views

I've been struggling with configuring SPNEGO for the past week. I've used the SPNEGO WIZARD and believe I've read the notes and relevant posts. I've used the DIAGTOOL and all the initial checks and tests show no errors. However when I try to login I get the login screen and the log entries below are generated.

I'm out of ideas and was hoping someone could point me in the right direction or at least different direction.

Thanks in advance.

/Greg

Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is null refreshKrb5Config is true principal is host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT tryFirstPass is false useFirstPass is false storePass is false clearPass is false

Refreshing Kerberos configuration

Refreshing Keytab

>>> KeyTabInputStream, readName(): MYDOMAIN.INT

>>> KeyTabInputStream, readName(): host

>>> KeyTabInputStream, readName(): srv-sppld1.MYDOMAIN.int

>>> KeyTab: load() entry length: 72; type: 3

principal's key obtained from the keytab

principal is host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT

>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType

>>> KrbAsReq calling createMessage

>>> KrbAsReq in createMessage

>>> KrbAsReq etypes are: 1

>>> KrbKdcReq send: kdc=192.168.90.31 UDP:88, timeout=30000, number of retries =3, #bytes=253

>>> KDCCommunication: kdc=192.168.90.31 UDP:88, timeout=30000,Attempt =1, #bytes=253

>>> KrbKdcReq send: #bytes read=1377

>>> KrbKdcReq send: #bytes read=1377

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: de4b1754

>>>crc32: 11011110010010110001011101010100

>>> KrbAsRep cons in KrbAsReq.getReply host/srv-sppld1.MYDOMAIN.int

Added server's keyKerberos Principal host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INTKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=

0000: 29 94 10 40 FD 20 46 23

added Krb5Principal host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT to Subject

Commit Succeeded

Searching UME for user by attribute krb5principalname = host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT

Searching for user by attribute krb5principalname = host/srv-sppld1.MYDOMAIN.int@MYDOMAIN.INT

Exception in SPNegologinModule.initialize.

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:82)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)