Hi Forum!
I have encountered a problem while setting up Kerberos authentication on our portal environment.
I have followed all the guides that there are here on SDN, but still I get the error pasted below:
I have two possible causes for the problem, but need some advice on how to proceed...
Our J2EE engine is running under a local user on the portal server. Does this pose a problem when authenticating? We have created a never-expiring user on the domain that hosts the KDC, and created our keytab file with that user's credentials, but does the J2EE engine still try to authenticate using its own credentials? I'm wondering because I haven't encountered anywhere in the setup where I had to configure which service user the keytab file was generated against.
We are accessing our portal on a separate port number... Does that port number have to be part of the service name when we bind the SPN to the keytab file on the DC?
Thanks in advance for any advice
/ Claus Gosmer
Error message:
Acquiring credentials for ream XXX.XX failed
[EXCEPTION]
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:242)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:31)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:350)
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Wrong username password combination.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:194)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.GeneratedMethodAccessor336.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)