CAS 3 and SPNEGO
Christoph Ohliger
ohliger at fh-rosenheim.de
Wed Nov 21 07:43:00 EST 2007
Hi,
I have problems with SPNEGO support. I am testing CAS with an MIT
Kerberos server. The kinit tool is working but CAS creates errors. I
think it has something to do with etypes, but I don't know where to
define that. Seems that CAS is only accepting rc4-hmac tgt tickets
independent of the definitions in keytab and/or krb5.conf.
When using the keytab file I get the following error:
Caused by: KrbException: Integrity check on decrypted field failed (31)
at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:154)
at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:125)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:167)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:87)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:405)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
... 85 more
When using the cache I get the following error:
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:75)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:77)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:45)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
... 81 more
Any hints?
Thanks
Christoph Ohliger