9 Replies Latest reply on Sep 18, 2009 10:12 AM by td403

    Problem with Negotiation-toolkit with LDAP

    td403

      Hello everyone.

      I hope someone can show me the light.
      I have installed JBoss Negotiation 2.0.3 GA on JBoss 4.2.3.GA
      according to the documentation.
      I can perform all three tests sucessfully if I use UsersRolesLoginModule.
      However, when I try to use the Chained configuration, as described in the documentation, I get the following error in the jboss log.

      2009-08-12 13:24:11,903 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)] Started in 21s:500ms
      2009-08-12 13:24:11,903 DEBUG [com.arjuna.ats.arjuna.logging.arjLogger] Periodic recovery - first pass <Wed, 12 Aug 2009 13:24:11>
      2009-08-12 13:24:11,903 DEBUG [com.arjuna.ats.arjuna.logging.arjLogger] StatusModule: first pass
      2009-08-12 13:24:11,903 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_3] - TORecoveryModule - first pass
      2009-08-12 13:24:11,903 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
      2009-08-12 13:24:21,903 DEBUG [com.arjuna.ats.arjuna.logging.arjLogger] Periodic recovery - second pass <Wed, 12 Aug 2009 13:24:21>
      2009-08-12 13:24:21,903 DEBUG [com.arjuna.ats.arjuna.logging.arjLogger] AtomicActionRecoveryModule: Second pass
      2009-08-12 13:24:21,903 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_6] - TORecoveryModule - second pass
      2009-08-12 13:24:21,903 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.secondpass] Local XARecoveryModule - second pass
      2009-08-12 13:24:37,934 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] Authenticating user
      2009-08-12 13:24:37,934 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] Header - null
      2009-08-12 13:24:37,934 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] No Authorization Header, sending 401
      2009-08-12 13:24:37,934 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
      2009-08-12 13:24:37,934 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] Authenticating user
      2009-08-12 13:24:37,934 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] Header - Negotiate YIIEowYGKwYBBQUCoIIElzCCBJOgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBGkEggRlYIIEYQYJKoZIhvcSAQICAQBuggRQMIIETKADAgEFoQMCAQ6iBwMFACAAAACjggN7YYIDdzCCA3OgAwIBBaEMGwpHQVNVTklFLk5MoiYwJKADAgECoR0wGxsESFRUUBsTZ3V2bXA1NTMuZ2FzdW5pZS5ubKOCAzQwggMwoAMCARehAwIBBKKCAyIEggMe3EVziEPs4Scdx99KVdP0pEH7CNOASQKomW4m2i+ZGcVxKu6DrxB9aEVA7nATLecmpZLQbM/XLabpujr4Ji/S+FnsbNFsRpPcihzq3oQUPiT+o2e5imjKomRs+Ib2lOEryfBBpSnUgC36L68bPPdUV6gmHV5dOp8go7u1qahgIwHc6hIN5OZ3fzTs5ZD3sH8pXh6C9jXgKVZdkYM8oagm3BsZYQRn3/vpqSmCG8Trr5rbUQG6bJElhZL5a1OS/oWquUzCJimQKp68f6JnX/L0uwbJuC1xgn6zq9uNLYrnMfJC5IHKFJea/vpsohJP81vW6Nhs5D/xSuMnKCeVjdqv5IC2+jVuArK0cOJcHALdPEoItOqpaKWW4ZGe96L2r36FWhjWhCnfVFOJbZJLWEvOwvVoznxHAKJC+KvFgRfmYzpfL7cgHe7LAK2ZklwydMcmXkuQVhRVk4zQOitHOfiwTpu2WP4Rs+pKjm9NJdERa7/RvIunrbds7gIYoc0xtaJNFZaegRi+yn5EZ/mvqlh5qgdYUTeacst+zCAxcE48hq6i02TZ2HTdahBJv/wF84/2VfYD6YU62dNUJOWxirj0KNPCqXEodbOSSEJJYrrnMmnsFmXuZ+wQAVoA8bvi0C8Olj9MUw+U6LPp51VogT+rHyVG9cHNsZYKmypFRaiYjx2l0CeseCJm9AX2SnIgyi+JK6u0+ljGuOPLKV4X4baviO7h1dY4r5wV3LajKOBh7bfpe/eck/9LNlB71QsrbbpT0ZCfrXXsQlxHojE/pFSU2HKEiQk7oVfwInSVBA2oAyjxnIwYiVIcijKV986xMHkkr+rE3q5/aJrEYsFHeteETwilKwjMYKeCOAt4PBh8akrE9aNl+VniZEFjnA5AKUzGmV+XtFxSIs2mP08BWJGUFI/Y7puENhr26W6kTehFPOtb2HWj1CEXBw2PvrjgNAxfYlwXDF8ILCCfEsU6/DJ4q961eZgSQHKc1Ts4zxT9NCrrOInhlaQd5tLrniwQRCl9tuAck1sZRM3PP3bkeHzde+1GXHCQahQEvMHrDhdKpIG3MIG0oAMCAReigawEgak0OeCjGqbP0LBD9w1S+58yvqYlVYi4hBAAUHSqus8SUIV19pRHU8dubKisaQSscge9mHTpmuWp51ytGhV0K/xHhckSMirlRCA2nG9VkQBi7AGthWfcE4m+6XUmxpUKwswXpIfdyFroxlwNApfGlkLJLTjKZu6MysJUSWsScERYR+46QpNPFAd1jmIyEiHeiepchMgAfwZQ8uM2PGoS7h29YlMWikxkY5R8
      2009-08-12 13:24:37,950 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] YIIEowYGKwYBBQUCoIIElzCCBJOgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBGkEggRlYIIEYQYJKoZIhvcSAQICAQBuggRQMIIETKADAgEFoQMCAQ6iBwMFACAAAACjggN7YYIDdzCCA3OgAwIBBaEMGwpHQVNVTklFLk5MoiYwJKADAgECoR0wGxsESFRUUBsTZ3V2bXA1NTMuZ2FzdW5pZS5ubKOCAzQwggMwoAMCARehAwIBBKKCAyIEggMe3EVziEPs4Scdx99KVdP0pEH7CNOASQKomW4m2i+ZGcVxKu6DrxB9aEVA7nATLecmpZLQbM/XLabpujr4Ji/S+FnsbNFsRpPcihzq3oQUPiT+o2e5imjKomRs+Ib2lOEryfBBpSnUgC36L68bPPdUV6gmHV5dOp8go7u1qahgIwHc6hIN5OZ3fzTs5ZD3sH8pXh6C9jXgKVZdkYM8oagm3BsZYQRn3/vpqSmCG8Trr5rbUQG6bJElhZL5a1OS/oWquUzCJimQKp68f6JnX/L0uwbJuC1xgn6zq9uNLYrnMfJC5IHKFJea/vpsohJP81vW6Nhs5D/xSuMnKCeVjdqv5IC2+jVuArK0cOJcHALdPEoItOqpaKWW4ZGe96L2r36FWhjWhCnfVFOJbZJLWEvOwvVoznxHAKJC+KvFgRfmYzpfL7cgHe7LAK2ZklwydMcmXkuQVhRVk4zQOitHOfiwTpu2WP4Rs+pKjm9NJdERa7/RvIunrbds7gIYoc0xtaJNFZaegRi+yn5EZ/mvqlh5qgdYUTeacst+zCAxcE48hq6i02TZ2HTdahBJv/wF84/2VfYD6YU62dNUJOWxirj0KNPCqXEodbOSSEJJYrrnMmnsFmXuZ+wQAVoA8bvi0C8Olj9MUw+U6LPp51VogT+rHyVG9cHNsZYKmypFRaiYjx2l0CeseCJm9AX2SnIgyi+JK6u0+ljGuOPLKV4X4baviO7h1dY4r5wV3LajKOBh7bfpe/eck/9LNlB71QsrbbpT0ZCfrXXsQlxHojE/pFSU2HKEiQk7oVfwInSVBA2oAyjxnIwYiVIcijKV986xMHkkr+rE3q5/aJrEYsFHeteETwilKwjMYKeCOAt4PBh8akrE9aNl+VniZEFjnA5AKUzGmV+XtFxSIs2mP08BWJGUFI/Y7puENhr26W6kTehFPOtb2HWj1CEXBw2PvrjgNAxfYlwXDF8ILCCfEsU6/DJ4q961eZgSQHKc1Ts4zxT9NCrrOInhlaQd5tLrniwQRCl9tuAck1sZRM3PP3bkeHzde+1GXHCQahQEvMHrDhdKpIG3MIG0oAMCAReigawEgak0OeCjGqbP0LBD9w1S+58yvqYlVYi4hBAAUHSqus8SUIV19pRHU8dubKisaQSscge9mHTpmuWp51ytGhV0K/xHhckSMirlRCA2nG9VkQBi7AGthWfcE4m+6XUmxpUKwswXpIfdyFroxlwNApfGlkLJLTjKZu6MysJUSWsScERYR+46QpNPFAd1jmIyEiHeiepchMgAfwZQ8uM2PGoS7h29YlMWikxkY5R8
      2009-08-12 13:24:37,950 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] 0x60 0x82 0x04 0xa3 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x82 0x04 0x97 0x30 0x82 0x04 0x93 0xa0 0x24 0x30 0x22 0x06 0x09 0x2a 0x86 0x48 0x82 0xf7 0x12 0x01 0x02 0x02 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0x06 0x0a 0x2b 0x06 0x01 0x04 0x01 0x82 0x37 0x02 0x02 0x0a 0xa2 0x82 0x04 0x69 0x04 0x82 0x04 0x65 0x60 0x82 0x04 0x61 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0x01 0x00 0x6e 0x82 0x04 0x50 0x30 0x82 0x04 0x4c 0xa0 0x03 0x02 0x01 0x05 0xa1 0x03 0x02 0x01 0x0e 0xa2 0x07 0x03 0x05 0x00 0x20 0x00 0x00 0x00 0xa3 0x82 0x03 0x7b 0x61 0x82 0x03 0x77 0x30 0x82 0x03 0x73 0xa0 0x03 0x02 0x01 0x05 0xa1 0x0c 0x1b 0x0a 0x47 0x41 0x53 0x55 0x4e 0x49 0x45 0x2e 0x4e 0x4c 0xa2 0x26 0x30 0x24 0xa0 0x03 0x02 0x01 0x02 0xa1 0x1d 0x30 0x1b 0x1b 0x04 0x48 0x54 0x54 0x50 0x1b 0x13 0x67 0x75 0x76 0x6d 0x70 0x35 0x35 0x33 0x2e 0x67 0x61 0x73 0x75 0x6e 0x69 0x65 0x2e 0x6e 0x6c 0xa3 0x82 0x03 0x34 0x30 0x82 0x03 0x30 0xa0 0x03 0x02 0x01 0x17 0xa1 0x03 0x02 0x01 0x04 0xa2 0x82 0x03 0x22 0x04 0x82 0x03 0x1e 0xdc 0x45 0x73 0x88 0x43 0xec 0xe1 0x27 0x1d 0xc7 0xdf 0x4a 0x55 0xd3 0xf4 0xa4 0x41 0xfb 0x08 0xd3 0x80 0x49 0x02 0xa8 0x99 0x6e 0x26 0xda 0x2f 0x99 0x19 0xc5 0x71 0x2a 0xee 0x83 0xaf 0x10 0x7d 0x68 0x45 0x40 0xee 0x70 0x13 0x2d 0xe7 0x26 0xa5 0x92 0xd0 0x6c 0xcf 0xd7 0x2d 0xa6 0xe9 0xba 0x3a 0xf8 0x26 0x2f 0xd2 0xf8 0x59 0xec 0x6c 0xd1 0x6c 0x46 0x93 0xdc 0x8a 0x1c 0xea 0xde 0x84 0x14 0x3e 0x24 0xfe 0xa3 0x67 0xb9 0x8a 0x68 0xca 0xa2 0x64 0x6c 0xf8 0x86 0xf6 0x94 0xe1 0x2b 0xc9 0xf0 0x41 0xa5 0x29 0xd4 0x80 0x2d 0xfa 0x2f 0xaf 0x1b 0x3c 0xf7 0x54 0x57 0xa8 0x26 0x1d 0x5e 0x5d 0x3a 0x9f 0x20 0xa3 0xbb 0xb5 0xa9 0xa8 0x60 0x23 0x01 0xdc 0xea 0x12 0x0d 0xe4 0xe6 0x77 0x7f 0x34 0xec 0xe5 0x90 0xf7 0xb0 0x7f 0x29 0x5e 0x1e 0x82 0xf6 0x35 0xe0 0x29 0x56 0x5d 0x91 0x83 0x3c 0xa1 0xa8 0x26 0xdc 0x1b 0x19 0x61 0x04 0x67 0xdf 0xfb 0xe9 0xa9 0x29 0x82 0x1b 0xc4 0xeb 0xaf 0x9a 0xdb 0x51 0x01 0xba 0x6c 0x91 0x25 0x85 0x92 0xf9 0x6b 0x53 0x92 0xfe 0x85 0xaa 0xb9 0x4c 0xc2 0x26 0x29 0x90 0x2a 0x9e 0xbc 0x7f 0xa2 0x67 0x5f 0xf2 0xf4 0xbb 0x06 0xc9 0xb8 0x2d 0x71 0x82 0x7e 0xb3 0xab 0xdb 0x8d 0x2d 0x8a 0xe7 0x31 0xf2 0x42 0xe4 0x81 0xca 0x14 0x97 0x9a 0xfe 0xfa 0x6c 0xa2 0x12 0x4f 0xf3 0x5b 0xd6 0xe8 0xd8 0x6c 0xe4 0x3f 0xf1 0x4a 0xe3 0x27 0x28 0x27 0x95 0x8d 0xda 0xaf 0xe4 0x80 0xb6 0xfa 0x35 0x6e 0x02 0xb2 0xb4 0x70 0xe2 0x5c 0x1c 0x02 0xdd 0x3c 0x4a 0x08 0xb4 0xea 0xa9 0x68 0xa5 0x96 0xe1 0x91 0x9e 0xf7 0xa2 0xf6 0xaf 0x7e 0x85 0x5a 0x18 0xd6 0x84 0x29 0xdf 0x54 0x53 0x89 0x6d 0x92 0x4b 0x58 0x4b 0xce 0xc2 0xf5 0x68 0xce 0x7c 0x47 0x00 0xa2 0x42 0xf8 0xab 0xc5 0x81 0x17 0xe6 0x63 0x3a 0x5f 0x2f 0xb7 0x20 0x1d 0xee 0xcb 0x00 0xad 0x99 0x92 0x5c 0x32 0x74 0xc7 0x26 0x5e 0x4b 0x90 0x56 0x14 0x55 0x93 0x8c 0xd0 0x3a 0x2b 0x47 0x39 0xf8 0xb0 0x4e 0x9b 0xb6 0x58 0xfe 0x11 0xb3 0xea 0x4a 0x8e 0x6f 0x4d 0x25 0xd1 0x11 0x6b 0xbf 0xd1 0xbc 0x8b 0xa7 0xad 0xb7 0x6c 0xee 0x02 0x18 0xa1 0xcd 0x31 0xb5 0xa2 0x4d 0x15 0x96 0x9e 0x81 0x18 0xbe 0xca 0x7e 0x44 0x67 0xf9 0xaf 0xaa 0x58 0x79 0xaa 0x07 0x58 0x51 0x37 0x9a 0x72 0xcb 0x7e 0xcc 0x20 0x31 0x70 0x4e 0x3c 0x86 0xae 0xa2 0xd3 0x64 0xd9 0xd8 0x74 0xdd 0x6a 0x10 0x49 0xbf 0xfc 0x05 0xf3 0x8f 0xf6 0x55 0xf6 0x03 0xe9 0x85 0x3a 0xd9 0xd3 0x54 0x24 0xe5 0xb1 0x8a 0xb8 0xf4 0x28 0xd3 0xc2 0xa9 0x71 0x28 0x75 0xb3 0x92 0x48 0x42 0x49 0x62 0xba 0xe7 0x32 0x69 0xec 0x16 0x65 0xee 0x67 0xec 0x10 0x01 0x5a 0x00 0xf1 0xbb 0xe2 0xd0 0x2f 0x0e 0x96 0x3f 0x4c 0x53 0x0f 0x94 0xe8 0xb3 0xe9 0xe7 0x55 0x68 0x81 0x3f 0xab 0x1f 0x25 0x46 0xf5 0xc1 0xcd 0xb1 0x96 0x0a 0x9b 0x2a 0x45 0x45 0xa8 0x98 0x8f 0x1d 0xa5 0xd0 0x27 0xac 0x78 0x22 0x66 0xf4 0x05 0xf6 0x4a 0x72 0x20 0xca 0x2f 0x89 0x2b 0xab 0xb4 0xfa 0x58 0xc6 0xb8 0xe3 0xcb 0x29 0x5e 0x17 0xe1 0xb6 0xaf 0x88 0xee 0xe1 0xd5 0xd6 0x38 0xaf 0x9c 0x15 0xdc 0xb6 0xa3 0x28 0xe0 0x61 0xed 0xb7 0xe9 0x7b 0xf7 0x9c 0x93 0xff 0x4b 0x36 0x50 0x7b 0xd5 0x0b 0x2b 0x6d 0xba 0x53 0xd1 0x90 0x9f 0xad 0x75 0xec 0x42 0x5c 0x47 0xa2 0x31 0x3f 0xa4 0x54 0x94 0xd8 0x72 0x84 0x89 0x09 0x3b 0xa1 0x57 0xf0 0x22 0x74 0x95 0x04 0x0d 0xa8 0x03 0x28 0xf1 0x9c 0x8c 0x18 0x89 0x52 0x1c 0x8a 0x32 0x95 0xf7 0xce 0xb1 0x30 0x79 0x24 0xaf 0xea 0xc4 0xde 0xae 0x7f 0x68 0x9a 0xc4 0x62 0xc1 0x47 0x7a 0xd7 0x84 0x4f 0x08 0xa5 0x2b 0x08 0xcc 0x60 0xa7 0x82 0x38 0x0b 0x78 0x3c 0x18 0x7c 0x6a 0x4a 0xc4 0xf5 0xa3 0x65 0xf9 0x59 0xe2 0x64 0x41 0x63 0x9c 0x0e 0x40 0x29 0x4c 0xc6 0x99 0x5f 0x97 0xb4 0x5c 0x52 0x22 0xcd 0xa6 0x3f 0x4f 0x01 0x58 0x91 0x94 0x14 0x8f 0xd8 0xee 0x9b 0x84 0x36 0x1a 0xf6 0xe9 0x6e 0xa4 0x4d 0xe8 0x45 0x3c 0xeb 0x5b 0xd8 0x75 0xa3 0xd4 0x21 0x17 0x07 0x0d 0x8f 0xbe 0xb8 0xe0 0x34 0x0c 0x5f 0x62 0x5c 0x17 0x0c 0x5f 0x08 0x2c 0x20 0x9f 0x12 0xc5 0x3a 0xfc 0x32 0x78 0xab 0xde 0xb5 0x79 0x98 0x12 0x40 0x72 0x9c 0xd5 0x3b 0x38 0xcf 0x14 0xfd 0x34 0x2a 0xeb 0x38 0x89 0xe1 0x95 0xa4 0x1d 0xe6 0xd2 0xeb 0x9e 0x2c 0x10 0x44 0x29 0x7d 0xb6 0xe0 0x1c 0x93 0x5b 0x19 0x44 0xcd 0xcf 0x3f 0x76 0xe4 0x78 0x7c 0xdd 0x7b 0xed 0x46 0x5c 0x70 0x90 0x6a 0x14 0x04 0xbc 0xc1 0xeb 0x0e 0x17 0x4a 0xa4 0x81 0xb7 0x30 0x81 0xb4 0xa0 0x03 0x02 0x01 0x17 0xa2 0x81 0xac 0x04 0x81 0xa9 0x34 0x39 0xe0 0xa3 0x1a 0xa6 0xcf 0xd0 0xb0 0x43 0xf7 0x0d 0x52 0xfb 0x9f 0x32 0xbe 0xa6 0x25 0x55 0x88 0xb8 0x84 0x10 0x00 0x50 0x74 0xaa 0xba 0xcf 0x12 0x50 0x85 0x75 0xf6 0x94 0x47 0x53 0xc7 0x6e 0x6c 0xa8 0xac 0x69 0x04 0xac 0x72 0x07 0xbd 0x98 0x74 0xe9 0x9a 0xe5 0xa9 0xe7 0x5c 0xad 0x1a 0x15 0x74 0x2b 0xfc 0x47 0x85 0xc9 0x12 0x32 0x2a 0xe5 0x44 0x20 0x36 0x9c 0x6f 0x55 0x91 0x00 0x62 0xec 0x01 0xad 0x85 0x67 0xdc 0x13 0x89 0xbe 0xe9 0x75 0x26 0xc6 0x95 0x0a 0xc2 0xcc 0x17 0xa4 0x87 0xdd 0xc8 0x5a 0xe8 0xc6 0x5c 0x0d 0x02 0x97 0xc6 0x96 0x42 0xc9 0x2d 0x38 0xca 0x66 0xee 0x8c 0xca 0xc2 0x54 0x49 0x6b 0x12 0x70 0x44 0x58 0x47 0xee 0x3a 0x42 0x93 0x4f 0x14 0x07 0x75 0x8e 0x62 0x32 0x12 0x21 0xde 0x89 0xea 0x5c 0x84 0xc8 0x00 0x7f 0x06 0x50 0xf2 0xe3 0x36 0x3c 0x6a 0x12 0xee 0x1d 0xbd 0x62 0x53 0x16 0x8a 0x4c 0x64 0x63 0x94 0x7c
      2009-08-12 13:24:37,950 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] Creating new NegotiationContext
      2009-08-12 13:24:37,950 TRACE [org.jboss.security.negotiation.common.NegotiationContext] associate 33323834
      2009-08-12 13:24:37,966 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
      2009-08-12 13:24:37,966 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@126b165
      2009-08-12 13:24:37,966 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1489c06
      2009-08-12 13:24:37,966 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] CachePolicy set to: org.jboss.util.TimedCachePolicy@1fb7cbb
      2009-08-12 13:24:37,966 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1fb7cbb
      2009-08-12 13:24:37,966 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added SPNEGO, org.jboss.security.plugins.SecurityDomainContext@1ba1894 to map
      2009-08-12 13:24:37,966 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Begin isValid, principal:F8EED4A1788E03E257AADE00B699F3CB, cache info: null
      2009-08-12 13:24:37,966 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, principal=F8EED4A1788E03E257AADE00B699F3CB
      2009-08-12 13:24:37,966 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=9
      2009-08-12 13:24:37,966 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:name=password-stacking, value=useFirstPass
      name=serverSecurityDomain, value=host
      [1]
      LoginModule Class: org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=roleNameAttributeID, value=cn
      name=baseFilter, value=(krbPrincipalName={0})
      name=recurseRoles, value=true
      name=java.naming.provider.url, value=ldap://cumpu552:389
      name=roleAttributeID, value=memberOf
      name=password-stacking, value=useFirstPass
      name=baseCtxDN, value=cn=users,dc=company,dc=nl
      name=roleAttributeIsDN, value=true
      name=jaasSecurityDomain, value=host
      name=bindAuthentication, value=GSSAPI

      2009-08-12 13:24:37,981 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] initialize, instance=@22406408
      2009-08-12 13:24:37,981 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Security domain: SPNEGO
      2009-08-12 13:24:37,981 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] serverSecurityDomain=host
      2009-08-12 13:24:37,981 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] login
      2009-08-12 13:24:37,981 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=9
      2009-08-12 13:24:37,981 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=debug, value=true
      name=useKeyTab, value=true
      name=keyTab, value=c:\webserver.keytab
      name=storeKey, value=true
      name=principal, value=HTTP/cumpu553.company.nl@COMPANY.NL
      name=doNotPrompt, value=true

      2009-08-12 13:24:37,981 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is c:\webserver.keytab refreshKrb5Config is false principal is HTTP/cumpu553.company.nl@COMPANY.NL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2009-08-12 13:24:37,981 INFO [STDOUT] >>> KeyTabInputStream, readName(): COMPANY.NL
      2009-08-12 13:24:37,981 INFO [STDOUT] >>> KeyTabInputStream, readName(): HTTP
      2009-08-12 13:24:37,981 INFO [STDOUT] >>> KeyTabInputStream, readName(): cumpu553.company.nl
      2009-08-12 13:24:37,981 INFO [STDOUT] >>> KeyTab: load() entry length: 70; type: 23
      2009-08-12 13:24:38,294 INFO [STDOUT] Added key: 23version: 4
      2009-08-12 13:24:38,294 INFO [STDOUT] Ordering keys wrt default_tkt_enctypes list
      2009-08-12 13:24:38,294 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,294 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,294 INFO [STDOUT] 3
      2009-08-12 13:24:38,294 INFO [STDOUT] 1
      2009-08-12 13:24:38,294 INFO [STDOUT] 23
      2009-08-12 13:24:38,294 INFO [STDOUT] 16
      2009-08-12 13:24:38,294 INFO [STDOUT] 17
      2009-08-12 13:24:38,294 INFO [STDOUT] .
      2009-08-12 13:24:38,294 INFO [STDOUT] principal's key obtained from the keytab
      2009-08-12 13:24:38,294 INFO [STDOUT] Acquire TGT using AS Exchange
      2009-08-12 13:24:38,294 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,294 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,294 INFO [STDOUT] 3
      2009-08-12 13:24:38,294 INFO [STDOUT] 1
      2009-08-12 13:24:38,294 INFO [STDOUT] 23
      2009-08-12 13:24:38,294 INFO [STDOUT] 16
      2009-08-12 13:24:38,294 INFO [STDOUT] 17
      2009-08-12 13:24:38,294 INFO [STDOUT] .
      2009-08-12 13:24:38,294 INFO [STDOUT] >>> KrbAsReq calling createMessage
      2009-08-12 13:24:38,294 INFO [STDOUT] >>> KrbAsReq in createMessage
      2009-08-12 13:24:38,294 INFO [STDOUT] >>> KrbKdcReq send: kdc=cumpu552.company.nl UDP:88, timeout=30000, number of retries =3, #bytes=152
      2009-08-12 13:24:38,309 INFO [STDOUT] >>> KDCCommunication: kdc=cumpu552.company.nl UDP:88, timeout=30000,Attempt =1, #bytes=152
      2009-08-12 13:24:38,309 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,309 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,309 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:38,450 INFO [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HTTP/cumpu553.company.nl
      2009-08-12 13:24:38,450 INFO [STDOUT] principal is HTTP/cumpu553.company.nl@COMPANY.NL
      2009-08-12 13:24:38,450 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,450 INFO [STDOUT] Added server's keyKerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,450 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal HTTP/cumpu553.company.nl@COMPANY.NL to Subject
      2009-08-12 13:24:38,466 INFO [STDOUT] Commit Succeeded
      2009-08-12 13:24:38,466 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Subject = Subject:
      Principal: HTTP/cumpu553.company.nl@COMPANY.NL
      Private Credential: Ticket (hex) =
      0000: 61 82 01 0E 30 82 01 0A A0 03 02 01 05 A1 0C 1B a...0...........
      0010: 0A 47 41 53 55 4E 49 45 2E 4E 4C A2 1F 30 1D A0 .COMPANY.NL..0..
      0020: 03 02 01 02 A1 16 30 14 1B 06 6B 72 62 74 67 74 ......0...krbtgt
      0030: 1B 0A 47 41 53 55 4E 49 45 2E 4E 4C A3 81 D3 30 ..COMPANY.NL...0
      0040: 81 D0 A0 03 02 01 17 A1 03 02 01 02 A2 81 C3 04 ................
      0050: 81 C0 14 5F 0A 06 55 96 88 64 5D C6 5F B3 DF F6 ..._..U..d]._...
      0060: 59 A4 8C B2 A3 EB FF 99 07 32 66 41 80 47 8D 01 Y........2fA.G..
      0070: 78 5A B6 AB 60 DF DD CC 7E EC 0D 3C AC DF BE C1 xZ..`......<....
      0080: 8F CD 8A 22 94 0B B1 F7 05 99 70 52 6E 34 3A 2D ..."......pRn4:-
      0090: D4 34 D0 16 36 8D 52 86 B9 16 25 9E 97 85 68 44 .4..6.R...%...hD
      00A0: 01 52 8F 81 AA D9 B4 FE 05 B5 99 27 75 1B 94 53 .R.........'u..S
      00B0: 07 59 BB E0 38 E2 CC 64 9B E2 2D 4E 07 C5 60 A4 .Y..8..d..-N..`.
      00C0: 0F 12 18 25 BC 5C EC 62 CC A5 CD 21 1C F8 58 EF ...%.\.b...!..X.
      00D0: 55 1D DE B1 80 97 1B FA 81 8A B9 12 A2 D8 71 C7 U.............q.
      00E0: 61 45 B1 E1 B2 8B 74 F3 A9 26 23 8C E1 2C DD 6A aE....t..&#..,.j
      00F0: D2 BE 78 7A E2 F6 C8 01 78 DA F4 EF 31 C1 BB DD ..xz....x...1...
      0100: 51 20 E3 6A C2 C9 BC 09 7E 79 52 FC 2B AA A8 36 Q .j.....yR.+..6
      0110: F6 D8
      Client Principal = HTTP/cumpu553.company.nl@COMPANY.NL
      Server Principal = krbtgt/COMPANY.NL@COMPANY.NL
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: FA 66 C1 06 D7 51 B8 84 0E F7 C8 D1 4D 6C B3 40 .f...Q......Ml.@


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Wed Aug 12 13:24:38 CEST 2009
      Start Time = Wed Aug 12 13:24:38 CEST 2009
      End Time = Wed Aug 12 23:24:38 CEST 2009
      Renew Till = null
      Client Addresses Null
      Private Credential: Kerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x



      2009-08-12 13:24:38,466 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext
      2009-08-12 13:24:38,466 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - false
      2009-08-12 13:24:38,466 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      2009-08-12 13:24:38,466 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      2009-08-12 13:24:38,466 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk false
      2009-08-12 13:24:38,466 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] initialize, instance=@26375428
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Security domain: SPNEGO
      2009-08-12 13:24:38,481 WARN [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] 'org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule' is deprecated, use 'org.jboss.security.negotiation.AdvancedLdapLoginModule' instead.
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] abort
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure
      javax.security.auth.login.LoginException: Continuation Required.
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:161)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
      at java.lang.Thread.run(Thread.java:595)
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] oRQwEqADCgEBoQsGCSqGSIb3EgECAg==
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.negotiation.common.NegotiationContext] clear 33323834
      2009-08-12 13:24:38,481 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
      2009-08-12 13:24:38,497 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] Authenticating user
      2009-08-12 13:24:38,497 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] Header - Negotiate oYIEcTCCBG2iggRpBIIEZWCCBGEGCSqGSIb3EgECAgEAboIEUDCCBEygAwIBBaEDAgEOogcDBQAAAAAAo4IDe2GCA3cwggNzoAMCAQWhDBsKR0FTVU5JRS5OTKImMCSgAwIBAqEdMBsbBEhUVFAbE2d1dm1wNTUzLmdhc3VuaWUubmyjggM0MIIDMKADAgEXoQMCAQSiggMiBIIDHtxFc4hD7OEnHcffSlXT9KRB+wjTgEkCqJluJtovmRnFcSrug68QfWhFQO5wEy3nJqWS0GzP1y2m6bo6+CYv0vhZ7GzRbEaT3Ioc6t6EFD4k/qNnuYpoyqJkbPiG9pThK8nwQaUp1IAt+i+vGzz3VFeoJh1eXTqfIKO7tamoYCMB3OoSDeTmd3807OWQ97B/KV4egvY14ClWXZGDPKGoJtwbGWEEZ9/76akpghvE66+a21EBumyRJYWS+WtTkv6FqrlMwiYpkCqevH+iZ1/y9LsGybgtcYJ+s6vbjS2K5zHyQuSByhSXmv76bKIST/Nb1ujYbOQ/8UrjJygnlY3ar+SAtvo1bgKytHDiXBwC3TxKCLTqqWilluGRnvei9q9+hVoY1oQp31RTiW2SS1hLzsL1aM58RwCiQvirxYEX5mM6Xy+3IB3uywCtmZJcMnTHJl5LkFYUVZOM0DorRzn4sE6btlj+EbPqSo5vTSXREWu/0byLp623bO4CGKHNMbWiTRWWnoEYvsp+RGf5r6pYeaoHWFE3mnLLfswgMXBOPIauotNk2dh03WoQSb/8BfOP9lX2A+mFOtnTVCTlsYq49CjTwqlxKHWzkkhCSWK65zJp7BZl7mfsEAFaAPG74tAvDpY/TFMPlOiz6edVaIE/qx8lRvXBzbGWCpsqRUWomI8dpdAnrHgiZvQF9kpyIMoviSurtPpYxrjjyyleF+G2r4ju4dXWOK+cFdy2oyjgYe236Xv3nJP/SzZQe9ULK226U9GQn6117EJcR6IxP6RUlNhyhIkJO6FX8CJ0lQQNqAMo8ZyMGIlSHIoylffOsTB5JK/qxN6uf2iaxGLBR3rXhE8IpSsIzGCngjgLeDwYfGpKxPWjZflZ4mRBY5wOQClMxplfl7RcUiLNpj9PAViRlBSP2O6bhDYa9ulupE3oRTzrW9h1o9QhFwcNj7644DQMX2JcFwxfCCwgnxLFOvwyeKvetXmYEkBynNU7OM8U/TQq6ziJ4ZWkHebS654sEEQpfbbgHJNbGUTNzz925Hh83XvtRlxwkGoUBLzB6w4XSqSBtzCBtKADAgEXooGsBIGpFOcW1B4Y7UliNE6sOiAYVPdOcfsKwyUmdTRmRm/hGmlg9hq/2K22xFzdftdE2LR8RLV+kN6QfWe3cR8PioSdbhM6TxgDaizjrP02j9SteARGrQ16OdawnZby9dIKwaa3L/W3yJdaPKZkFOu1Uc6XiDCgMUnhlST525MxK06Loxvbc+0Bywo6acvcoctFIDbmfTYQzEg6MENK2M3ev6bAtzv9F5FDOgIhdA==
      2009-08-12 13:24:38,497 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] oYIEcTCCBG2iggRpBIIEZWCCBGEGCSqGSIb3EgECAgEAboIEUDCCBEygAwIBBaEDAgEOogcDBQAAAAAAo4IDe2GCA3cwggNzoAMCAQWhDBsKR0FTVU5JRS5OTKImMCSgAwIBAqEdMBsbBEhUVFAbE2d1dm1wNTUzLmdhc3VuaWUubmyjggM0MIIDMKADAgEXoQMCAQSiggMiBIIDHtxFc4hD7OEnHcffSlXT9KRB+wjTgEkCqJluJtovmRnFcSrug68QfWhFQO5wEy3nJqWS0GzP1y2m6bo6+CYv0vhZ7GzRbEaT3Ioc6t6EFD4k/qNnuYpoyqJkbPiG9pThK8nwQaUp1IAt+i+vGzz3VFeoJh1eXTqfIKO7tamoYCMB3OoSDeTmd3807OWQ97B/KV4egvY14ClWXZGDPKGoJtwbGWEEZ9/76akpghvE66+a21EBumyRJYWS+WtTkv6FqrlMwiYpkCqevH+iZ1/y9LsGybgtcYJ+s6vbjS2K5zHyQuSByhSXmv76bKIST/Nb1ujYbOQ/8UrjJygnlY3ar+SAtvo1bgKytHDiXBwC3TxKCLTqqWilluGRnvei9q9+hVoY1oQp31RTiW2SS1hLzsL1aM58RwCiQvirxYEX5mM6Xy+3IB3uywCtmZJcMnTHJl5LkFYUVZOM0DorRzn4sE6btlj+EbPqSo5vTSXREWu/0byLp623bO4CGKHNMbWiTRWWnoEYvsp+RGf5r6pYeaoHWFE3mnLLfswgMXBOPIauotNk2dh03WoQSb/8BfOP9lX2A+mFOtnTVCTlsYq49CjTwqlxKHWzkkhCSWK65zJp7BZl7mfsEAFaAPG74tAvDpY/TFMPlOiz6edVaIE/qx8lRvXBzbGWCpsqRUWomI8dpdAnrHgiZvQF9kpyIMoviSurtPpYxrjjyyleF+G2r4ju4dXWOK+cFdy2oyjgYe236Xv3nJP/SzZQe9ULK226U9GQn6117EJcR6IxP6RUlNhyhIkJO6FX8CJ0lQQNqAMo8ZyMGIlSHIoylffOsTB5JK/qxN6uf2iaxGLBR3rXhE8IpSsIzGCngjgLeDwYfGpKxPWjZflZ4mRBY5wOQClMxplfl7RcUiLNpj9PAViRlBSP2O6bhDYa9ulupE3oRTzrW9h1o9QhFwcNj7644DQMX2JcFwxfCCwgnxLFOvwyeKvetXmYEkBynNU7OM8U/TQq6ziJ4ZWkHebS654sEEQpfbbgHJNbGUTNzz925Hh83XvtRlxwkGoUBLzB6w4XSqSBtzCBtKADAgEXooGsBIGpFOcW1B4Y7UliNE6sOiAYVPdOcfsKwyUmdTRmRm/hGmlg9hq/2K22xFzdftdE2LR8RLV+kN6QfWe3cR8PioSdbhM6TxgDaizjrP02j9SteARGrQ16OdawnZby9dIKwaa3L/W3yJdaPKZkFOu1Uc6XiDCgMUnhlST525MxK06Loxvbc+0Bywo6acvcoctFIDbmfTYQzEg6MENK2M3ev6bAtzv9F5FDOgIhdA==
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] 0xa1 0x82 0x04 0x71 0x30 0x82 0x04 0x6d 0xa2 0x82 0x04 0x69 0x04 0x82 0x04 0x65 0x60 0x82 0x04 0x61 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0x01 0x00 0x6e 0x82 0x04 0x50 0x30 0x82 0x04 0x4c 0xa0 0x03 0x02 0x01 0x05 0xa1 0x03 0x02 0x01 0x0e 0xa2 0x07 0x03 0x05 0x00 0x00 0x00 0x00 0x00 0xa3 0x82 0x03 0x7b 0x61 0x82 0x03 0x77 0x30 0x82 0x03 0x73 0xa0 0x03 0x02 0x01 0x05 0xa1 0x0c 0x1b 0x0a 0x47 0x41 0x53 0x55 0x4e 0x49 0x45 0x2e 0x4e 0x4c 0xa2 0x26 0x30 0x24 0xa0 0x03 0x02 0x01 0x02 0xa1 0x1d 0x30 0x1b 0x1b 0x04 0x48 0x54 0x54 0x50 0x1b 0x13 0x67 0x75 0x76 0x6d 0x70 0x35 0x35 0x33 0x2e 0x67 0x61 0x73 0x75 0x6e 0x69 0x65 0x2e 0x6e 0x6c 0xa3 0x82 0x03 0x34 0x30 0x82 0x03 0x30 0xa0 0x03 0x02 0x01 0x17 0xa1 0x03 0x02 0x01 0x04 0xa2 0x82 0x03 0x22 0x04 0x82 0x03 0x1e 0xdc 0x45 0x73 0x88 0x43 0xec 0xe1 0x27 0x1d 0xc7 0xdf 0x4a 0x55 0xd3 0xf4 0xa4 0x41 0xfb 0x08 0xd3 0x80 0x49 0x02 0xa8 0x99 0x6e 0x26 0xda 0x2f 0x99 0x19 0xc5 0x71 0x2a 0xee 0x83 0xaf 0x10 0x7d 0x68 0x45 0x40 0xee 0x70 0x13 0x2d 0xe7 0x26 0xa5 0x92 0xd0 0x6c 0xcf 0xd7 0x2d 0xa6 0xe9 0xba 0x3a 0xf8 0x26 0x2f 0xd2 0xf8 0x59 0xec 0x6c 0xd1 0x6c 0x46 0x93 0xdc 0x8a 0x1c 0xea 0xde 0x84 0x14 0x3e 0x24 0xfe 0xa3 0x67 0xb9 0x8a 0x68 0xca 0xa2 0x64 0x6c 0xf8 0x86 0xf6 0x94 0xe1 0x2b 0xc9 0xf0 0x41 0xa5 0x29 0xd4 0x80 0x2d 0xfa 0x2f 0xaf 0x1b 0x3c 0xf7 0x54 0x57 0xa8 0x26 0x1d 0x5e 0x5d 0x3a 0x9f 0x20 0xa3 0xbb 0xb5 0xa9 0xa8 0x60 0x23 0x01 0xdc 0xea 0x12 0x0d 0xe4 0xe6 0x77 0x7f 0x34 0xec 0xe5 0x90 0xf7 0xb0 0x7f 0x29 0x5e 0x1e 0x82 0xf6 0x35 0xe0 0x29 0x56 0x5d 0x91 0x83 0x3c 0xa1 0xa8 0x26 0xdc 0x1b 0x19 0x61 0x04 0x67 0xdf 0xfb 0xe9 0xa9 0x29 0x82 0x1b 0xc4 0xeb 0xaf 0x9a 0xdb 0x51 0x01 0xba 0x6c 0x91 0x25 0x85 0x92 0xf9 0x6b 0x53 0x92 0xfe 0x85 0xaa 0xb9 0x4c 0xc2 0x26 0x29 0x90 0x2a 0x9e 0xbc 0x7f 0xa2 0x67 0x5f 0xf2 0xf4 0xbb 0x06 0xc9 0xb8 0x2d 0x71 0x82 0x7e 0xb3 0xab 0xdb 0x8d 0x2d 0x8a 0xe7 0x31 0xf2 0x42 0xe4 0x81 0xca 0x14 0x97 0x9a 0xfe 0xfa 0x6c 0xa2 0x12 0x4f 0xf3 0x5b 0xd6 0xe8 0xd8 0x6c 0xe4 0x3f 0xf1 0x4a 0xe3 0x27 0x28 0x27 0x95 0x8d 0xda 0xaf 0xe4 0x80 0xb6 0xfa 0x35 0x6e 0x02 0xb2 0xb4 0x70 0xe2 0x5c 0x1c 0x02 0xdd 0x3c 0x4a 0x08 0xb4 0xea 0xa9 0x68 0xa5 0x96 0xe1 0x91 0x9e 0xf7 0xa2 0xf6 0xaf 0x7e 0x85 0x5a 0x18 0xd6 0x84 0x29 0xdf 0x54 0x53 0x89 0x6d 0x92 0x4b 0x58 0x4b 0xce 0xc2 0xf5 0x68 0xce 0x7c 0x47 0x00 0xa2 0x42 0xf8 0xab 0xc5 0x81 0x17 0xe6 0x63 0x3a 0x5f 0x2f 0xb7 0x20 0x1d 0xee 0xcb 0x00 0xad 0x99 0x92 0x5c 0x32 0x74 0xc7 0x26 0x5e 0x4b 0x90 0x56 0x14 0x55 0x93 0x8c 0xd0 0x3a 0x2b 0x47 0x39 0xf8 0xb0 0x4e 0x9b 0xb6 0x58 0xfe 0x11 0xb3 0xea 0x4a 0x8e 0x6f 0x4d 0x25 0xd1 0x11 0x6b 0xbf 0xd1 0xbc 0x8b 0xa7 0xad 0xb7 0x6c 0xee 0x02 0x18 0xa1 0xcd 0x31 0xb5 0xa2 0x4d 0x15 0x96 0x9e 0x81 0x18 0xbe 0xca 0x7e 0x44 0x67 0xf9 0xaf 0xaa 0x58 0x79 0xaa 0x07 0x58 0x51 0x37 0x9a 0x72 0xcb 0x7e 0xcc 0x20 0x31 0x70 0x4e 0x3c 0x86 0xae 0xa2 0xd3 0x64 0xd9 0xd8 0x74 0xdd 0x6a 0x10 0x49 0xbf 0xfc 0x05 0xf3 0x8f 0xf6 0x55 0xf6 0x03 0xe9 0x85 0x3a 0xd9 0xd3 0x54 0x24 0xe5 0xb1 0x8a 0xb8 0xf4 0x28 0xd3 0xc2 0xa9 0x71 0x28 0x75 0xb3 0x92 0x48 0x42 0x49 0x62 0xba 0xe7 0x32 0x69 0xec 0x16 0x65 0xee 0x67 0xec 0x10 0x01 0x5a 0x00 0xf1 0xbb 0xe2 0xd0 0x2f 0x0e 0x96 0x3f 0x4c 0x53 0x0f 0x94 0xe8 0xb3 0xe9 0xe7 0x55 0x68 0x81 0x3f 0xab 0x1f 0x25 0x46 0xf5 0xc1 0xcd 0xb1 0x96 0x0a 0x9b 0x2a 0x45 0x45 0xa8 0x98 0x8f 0x1d 0xa5 0xd0 0x27 0xac 0x78 0x22 0x66 0xf4 0x05 0xf6 0x4a 0x72 0x20 0xca 0x2f 0x89 0x2b 0xab 0xb4 0xfa 0x58 0xc6 0xb8 0xe3 0xcb 0x29 0x5e 0x17 0xe1 0xb6 0xaf 0x88 0xee 0xe1 0xd5 0xd6 0x38 0xaf 0x9c 0x15 0xdc 0xb6 0xa3 0x28 0xe0 0x61 0xed 0xb7 0xe9 0x7b 0xf7 0x9c 0x93 0xff 0x4b 0x36 0x50 0x7b 0xd5 0x0b 0x2b 0x6d 0xba 0x53 0xd1 0x90 0x9f 0xad 0x75 0xec 0x42 0x5c 0x47 0xa2 0x31 0x3f 0xa4 0x54 0x94 0xd8 0x72 0x84 0x89 0x09 0x3b 0xa1 0x57 0xf0 0x22 0x74 0x95 0x04 0x0d 0xa8 0x03 0x28 0xf1 0x9c 0x8c 0x18 0x89 0x52 0x1c 0x8a 0x32 0x95 0xf7 0xce 0xb1 0x30 0x79 0x24 0xaf 0xea 0xc4 0xde 0xae 0x7f 0x68 0x9a 0xc4 0x62 0xc1 0x47 0x7a 0xd7 0x84 0x4f 0x08 0xa5 0x2b 0x08 0xcc 0x60 0xa7 0x82 0x38 0x0b 0x78 0x3c 0x18 0x7c 0x6a 0x4a 0xc4 0xf5 0xa3 0x65 0xf9 0x59 0xe2 0x64 0x41 0x63 0x9c 0x0e 0x40 0x29 0x4c 0xc6 0x99 0x5f 0x97 0xb4 0x5c 0x52 0x22 0xcd 0xa6 0x3f 0x4f 0x01 0x58 0x91 0x94 0x14 0x8f 0xd8 0xee 0x9b 0x84 0x36 0x1a 0xf6 0xe9 0x6e 0xa4 0x4d 0xe8 0x45 0x3c 0xeb 0x5b 0xd8 0x75 0xa3 0xd4 0x21 0x17 0x07 0x0d 0x8f 0xbe 0xb8 0xe0 0x34 0x0c 0x5f 0x62 0x5c 0x17 0x0c 0x5f 0x08 0x2c 0x20 0x9f 0x12 0xc5 0x3a 0xfc 0x32 0x78 0xab 0xde 0xb5 0x79 0x98 0x12 0x40 0x72 0x9c 0xd5 0x3b 0x38 0xcf 0x14 0xfd 0x34 0x2a 0xeb 0x38 0x89 0xe1 0x95 0xa4 0x1d 0xe6 0xd2 0xeb 0x9e 0x2c 0x10 0x44 0x29 0x7d 0xb6 0xe0 0x1c 0x93 0x5b 0x19 0x44 0xcd 0xcf 0x3f 0x76 0xe4 0x78 0x7c 0xdd 0x7b 0xed 0x46 0x5c 0x70 0x90 0x6a 0x14 0x04 0xbc 0xc1 0xeb 0x0e 0x17 0x4a 0xa4 0x81 0xb7 0x30 0x81 0xb4 0xa0 0x03 0x02 0x01 0x17 0xa2 0x81 0xac 0x04 0x81 0xa9 0x14 0xe7 0x16 0xd4 0x1e 0x18 0xed 0x49 0x62 0x34 0x4e 0xac 0x3a 0x20 0x18 0x54 0xf7 0x4e 0x71 0xfb 0x0a 0xc3 0x25 0x26 0x75 0x34 0x66 0x46 0x6f 0xe1 0x1a 0x69 0x60 0xf6 0x1a 0xbf 0xd8 0xad 0xb6 0xc4 0x5c 0xdd 0x7e 0xd7 0x44 0xd8 0xb4 0x7c 0x44 0xb5 0x7e 0x90 0xde 0x90 0x7d 0x67 0xb7 0x71 0x1f 0x0f 0x8a 0x84 0x9d 0x6e 0x13 0x3a 0x4f 0x18 0x03 0x6a 0x2c 0xe3 0xac 0xfd 0x36 0x8f 0xd4 0xad 0x78 0x04 0x46 0xad 0x0d 0x7a 0x39 0xd6 0xb0 0x9d 0x96 0xf2 0xf5 0xd2 0x0a 0xc1 0xa6 0xb7 0x2f 0xf5 0xb7 0xc8 0x97 0x5a 0x3c 0xa6 0x64 0x14 0xeb 0xb5 0x51 0xce 0x97 0x88 0x30 0xa0 0x31 0x49 0xe1 0x95 0x24 0xf9 0xdb 0x93 0x31 0x2b 0x4e 0x8b 0xa3 0x1b 0xdb 0x73 0xed 0x01 0xcb 0x0a 0x3a 0x69 0xcb 0xdc 0xa1 0xcb 0x45 0x20 0x36 0xe6 0x7d 0x36 0x10 0xcc 0x48 0x3a 0x30 0x43 0x4a 0xd8 0xcd 0xde 0xbf 0xa6 0xc0 0xb7 0x3b 0xfd 0x17 0x91 0x43 0x3a 0x02 0x21 0x74
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.negotiation.common.NegotiationContext] associate 33323834
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Begin isValid, principal:F8EED4A1788E03E257AADE00B699F3CB, cache info: null
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, principal=F8EED4A1788E03E257AADE00B699F3CB
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=9
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:name=password-stacking, value=useFirstPass
      name=serverSecurityDomain, value=host
      [1]
      LoginModule Class: org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=roleNameAttributeID, value=cn
      name=baseFilter, value=(krbPrincipalName={0})
      name=recurseRoles, value=true
      name=java.naming.provider.url, value=ldap://cumpu552:389
      name=roleAttributeID, value=memberOf
      name=password-stacking, value=useFirstPass
      name=baseCtxDN, value=cn=users,dc=company,dc=nl
      name=roleAttributeIsDN, value=true
      name=jaasSecurityDomain, value=host
      name=bindAuthentication, value=GSSAPI

      2009-08-12 13:24:38,512 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] initialize, instance=@17351095
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Security domain: SPNEGO
      2009-08-12 13:24:38,512 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] serverSecurityDomain=host
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] login
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=9
      2009-08-12 13:24:38,512 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=debug, value=true
      name=useKeyTab, value=true
      name=keyTab, value=c:\webserver.keytab
      name=storeKey, value=true
      name=principal, value=HTTP/cumpu553.company.nl@COMPANY.NL
      name=doNotPrompt, value=true

      2009-08-12 13:24:38,512 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is c:\webserver.keytab refreshKrb5Config is false principal is HTTP/cumpu553.company.nl@COMPANY.NL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2009-08-12 13:24:38,512 INFO [STDOUT] Added key: 23version: 4
      2009-08-12 13:24:38,512 INFO [STDOUT] Ordering keys wrt default_tkt_enctypes list
      2009-08-12 13:24:38,512 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,512 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,512 INFO [STDOUT] 3
      2009-08-12 13:24:38,512 INFO [STDOUT] 1
      2009-08-12 13:24:38,512 INFO [STDOUT] 23
      2009-08-12 13:24:38,512 INFO [STDOUT] 16
      2009-08-12 13:24:38,528 INFO [STDOUT] 17
      2009-08-12 13:24:38,528 INFO [STDOUT] .
      2009-08-12 13:24:38,528 INFO [STDOUT] principal's key obtained from the keytab
      2009-08-12 13:24:38,528 INFO [STDOUT] Acquire TGT using AS Exchange
      2009-08-12 13:24:38,528 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,528 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,528 INFO [STDOUT] 3
      2009-08-12 13:24:38,528 INFO [STDOUT] 1
      2009-08-12 13:24:38,528 INFO [STDOUT] 23
      2009-08-12 13:24:38,528 INFO [STDOUT] 16
      2009-08-12 13:24:38,528 INFO [STDOUT] 17
      2009-08-12 13:24:38,528 INFO [STDOUT] .
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbAsReq calling createMessage
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbAsReq in createMessage
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbKdcReq send: kdc=cumpu552.company.nl UDP:88, timeout=30000, number of retries =3, #bytes=152
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KDCCommunication: kdc=cumpu552.company.nl UDP:88, timeout=30000,Attempt =1, #bytes=152
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:38,528 INFO [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HTTP/cumpu553.company.nl
      2009-08-12 13:24:38,528 INFO [STDOUT] principal is HTTP/cumpu553.company.nl@COMPANY.NL
      2009-08-12 13:24:38,528 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,528 INFO [STDOUT] Added server's keyKerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,528 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal HTTP/cumpu553.company.nl@COMPANY.NL to Subject
      2009-08-12 13:24:38,528 INFO [STDOUT] Commit Succeeded
      2009-08-12 13:24:38,544 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Subject = Subject:
      Principal: HTTP/cumpu553.company.nl@COMPANY.NL
      Private Credential: Ticket (hex) =
      0000: 61 82 01 0E 30 82 01 0A A0 03 02 01 05 A1 0C 1B a...0...........
      0010: 0A 47 41 53 55 4E 49 45 2E 4E 4C A2 1F 30 1D A0 .COMPANY.NL..0..
      0020: 03 02 01 02 A1 16 30 14 1B 06 6B 72 62 74 67 74 ......0...krbtgt
      0030: 1B 0A 47 41 53 55 4E 49 45 2E 4E 4C A3 81 D3 30 ..COMPANY.NL...0
      0040: 81 D0 A0 03 02 01 17 A1 03 02 01 02 A2 81 C3 04 ................
      0050: 81 C0 DB 27 15 2D 85 5D D4 26 4A ED E3 84 72 7D ...'.-.].&J...r.
      0060: 14 F8 21 E1 CC 35 58 7A 5D C2 49 C3 C7 FF 7F 4C ..!..5Xz].I....L
      0070: C0 0A E5 8E CD 78 88 F1 C6 CD 19 60 A6 19 AA D5 .....x.....`....
      0080: 14 F5 44 90 97 0B 79 BF 90 E2 57 2F A5 26 23 EF ..D...y...W/.&#.
      0090: 20 00 52 EE 1F 3D D6 08 A9 FC 32 BF 97 B1 39 A4 .R..=....2...9.
      00A0: E5 2B 50 F6 0A 43 96 A5 1A 45 45 09 A7 F6 89 95 .+P..C...EE.....
      00B0: 2F C3 92 91 85 FD 95 3B 92 66 11 05 1D 6F 22 A9 /......;.f...o".
      00C0: AB 05 AD 4A 7F 36 ED F8 79 06 F3 CF 78 90 C0 90 ...J.6..y...x...
      00D0: 18 35 8C 07 64 6C 9D E6 11 32 04 C5 37 D1 02 ED .5..dl...2..7...
      00E0: 45 C4 B7 C2 76 A6 0B 48 82 39 B3 7A A8 1B A8 02 E...v..H.9.z....
      00F0: BC 54 68 FD E4 A6 BE 9B 25 39 AC 71 0D 7F CE 9D .Th.....%9.q....
      0100: 7B 03 33 A9 F9 33 51 BF BF 11 B0 FE 3B 9A 76 E8 ..3..3Q.....;.v.
      0110: 5C AA
      Client Principal = HTTP/cumpu553.company.nl@COMPANY.NL
      Server Principal = krbtgt/COMPANY.NL@COMPANY.NL
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 0D 0A D7 AE D2 19 D7 71 0A 71 78 83 C9 DB 7D 1A .......q.qx.....


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Wed Aug 12 13:24:38 CEST 2009
      Start Time = Wed Aug 12 13:24:38 CEST 2009
      End Time = Wed Aug 12 23:24:38 CEST 2009
      Renew Till = null
      Client Addresses Null
      Private Credential: Kerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x



      2009-08-12 13:24:38,544 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext
      2009-08-12 13:24:38,544 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Creating new GSSContext.
      2009-08-12 13:24:38,544 INFO [STDOUT] Found key for HTTP/cumpu553.company.nl@COMPANY.NL(23)
      2009-08-12 13:24:38,544 INFO [STDOUT] Entered Krb5Context.acceptSecContext with state=STATE_NEW
      2009-08-12 13:24:38,544 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:38,559 INFO [STDOUT] Using builtin default etypes for permitted_enctypes
      2009-08-12 13:24:38,559 INFO [STDOUT] default etypes for permitted_enctypes:
      2009-08-12 13:24:38,559 INFO [STDOUT] 3
      2009-08-12 13:24:38,559 INFO [STDOUT] 1
      2009-08-12 13:24:38,559 INFO [STDOUT] 23
      2009-08-12 13:24:38,559 INFO [STDOUT] 16
      2009-08-12 13:24:38,559 INFO [STDOUT] 17
      2009-08-12 13:24:38,559 INFO [STDOUT] .
      2009-08-12 13:24:38,559 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:38,591 INFO [STDOUT] >>> Config reset default kdc COMPANY.NL
      2009-08-12 13:24:38,591 INFO [STDOUT] replay cache for bob@COMPANY.NL is null.
      2009-08-12 13:24:38,606 INFO [STDOUT] object 0: 1250076278375/375381
      2009-08-12 13:24:38,606 INFO [STDOUT] object 0: 1250076278375/375381
      2009-08-12 13:24:38,606 INFO [STDOUT] >>> KrbApReq: authenticate succeed.
      2009-08-12 13:24:38,606 INFO [STDOUT] Krb5Context setting peerSeqNumber to: 2074095804
      2009-08-12 13:24:38,606 INFO [STDOUT] Krb5Context setting mySeqNumber to: 2074095804
      2009-08-12 13:24:38,606 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getCredDelegState() = false
      2009-08-12 13:24:38,606 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getMutualAuthState() = false
      2009-08-12 13:24:38,606 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getSrcName() = bob@COMPANY.NL
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - true
      2009-08-12 13:24:38,606 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Storing username 'bob@COMPANY.NL' and empty password
      2009-08-12 13:24:38,606 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      2009-08-12 13:24:38,606 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk true
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] initialize, instance=@30959301
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Security domain: SPNEGO
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Using GSSAPI to connect to LDAP
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=9
      2009-08-12 13:24:38,606 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=debug, value=true
      name=useKeyTab, value=true
      name=keyTab, value=c:\webserver.keytab
      name=storeKey, value=true
      name=principal, value=HTTP/cumpu553.company.nl@COMPANY.NL
      name=doNotPrompt, value=true

      2009-08-12 13:24:38,606 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is c:\webserver.keytab refreshKrb5Config is false principal is HTTP/cumpu553.company.nl@COMPANY.NL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2009-08-12 13:24:38,606 INFO [STDOUT] Added key: 23version: 4
      2009-08-12 13:24:38,606 INFO [STDOUT] Ordering keys wrt default_tkt_enctypes list
      2009-08-12 13:24:38,606 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,606 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,606 INFO [STDOUT] 3
      2009-08-12 13:24:38,606 INFO [STDOUT] 1
      2009-08-12 13:24:38,606 INFO [STDOUT] 23
      2009-08-12 13:24:38,606 INFO [STDOUT] 16
      2009-08-12 13:24:38,606 INFO [STDOUT] 17
      2009-08-12 13:24:38,606 INFO [STDOUT] .
      2009-08-12 13:24:38,622 INFO [STDOUT] principal's key obtained from the keytab
      2009-08-12 13:24:38,622 INFO [STDOUT] Acquire TGT using AS Exchange
      2009-08-12 13:24:38,622 INFO [STDOUT] Using builtin default etypes for default_tkt_enctypes
      2009-08-12 13:24:38,622 INFO [STDOUT] default etypes for default_tkt_enctypes:
      2009-08-12 13:24:38,622 INFO [STDOUT] 3
      2009-08-12 13:24:38,622 INFO [STDOUT] 1
      2009-08-12 13:24:38,622 INFO [STDOUT] 23
      2009-08-12 13:24:38,622 INFO [STDOUT] 16
      2009-08-12 13:24:38,622 INFO [STDOUT] 17
      2009-08-12 13:24:38,622 INFO [STDOUT] .
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbAsReq calling createMessage
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbAsReq in createMessage
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbKdcReq send: kdc=cumpu552.company.nl UDP:88, timeout=30000, number of retries =3, #bytes=152
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KDCCommunication: kdc=cumpu552.company.nl UDP:88, timeout=30000,Attempt =1, #bytes=152
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=601
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:38,622 INFO [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HTTP/cumpu553.company.nl
      2009-08-12 13:24:38,622 INFO [STDOUT] principal is HTTP/cumpu553.company.nl@COMPANY.NL
      2009-08-12 13:24:38,637 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,637 INFO [STDOUT] Added server's keyKerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x
      2009-08-12 13:24:38,637 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal HTTP/cumpu553.company.nl@COMPANY.NL to Subject
      2009-08-12 13:24:38,637 INFO [STDOUT] Commit Succeeded
      2009-08-12 13:24:38,637 DEBUG [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Subject = Subject:
      Principal: HTTP/cumpu553.company.nl@COMPANY.NL
      Private Credential: Ticket (hex) =
      0000: 61 82 01 0E 30 82 01 0A A0 03 02 01 05 A1 0C 1B a...0...........
      0010: 0A 47 41 53 55 4E 49 45 2E 4E 4C A2 1F 30 1D A0 .COMPANY.NL..0..
      0020: 03 02 01 02 A1 16 30 14 1B 06 6B 72 62 74 67 74 ......0...krbtgt
      0030: 1B 0A 47 41 53 55 4E 49 45 2E 4E 4C A3 81 D3 30 ..COMPANY.NL...0
      0040: 81 D0 A0 03 02 01 17 A1 03 02 01 02 A2 81 C3 04 ................
      0050: 81 C0 55 61 B4 53 CF 72 A5 74 52 14 CC DC BF EB ..Ua.S.r.tR.....
      0060: A7 3D 40 95 D1 9D 05 9E 4B 77 02 2A 57 50 67 09 .=@.....Kw.*WPg.
      0070: 23 8A 28 69 CD 57 42 D6 24 B0 C0 6E 94 F0 56 A0 #.(i.WB.$..n..V.
      0080: 89 07 6C AC A5 C5 B8 87 39 BF B6 74 64 0F 66 4A ..l.....9..td.fJ
      0090: 83 62 DD 3B 35 2B 20 E5 E0 9F 46 19 EC 2B EE F5 .b.;5+ ...F..+..
      00A0: 28 87 6F AE F0 07 E9 94 36 DA 2D D6 13 4F C9 AB (.o.....6.-..O..
      00B0: 9E 10 E7 6B CC 6B 31 15 BD FB 63 FA D1 D8 C1 55 ...k.k1...c....U
      00C0: 0E 45 E4 75 AF 30 F3 90 84 1D 8A A8 16 52 F7 72 .E.u.0.......R.r
      00D0: B5 11 9D A6 33 93 30 8B F0 20 A9 F3 15 9B 5B 67 ....3.0.. ....[g
      00E0: A5 C1 7A 02 C9 96 4F 5C C6 5A 66 F6 A3 2A 82 64 ..z...O\.Zf..*.d
      00F0: 33 93 54 E6 86 AF E1 38 D0 02 2C 39 E5 AC FD C1 3.T....8..,9....
      0100: 3D 19 6C C3 0F 54 2F 66 0F 67 E6 2F 63 B5 1A BC =.l..T/f.g./c...
      0110: 9C 4E
      Client Principal = HTTP/cumpu553.company.nl@COMPANY.NL
      Server Principal = krbtgt/COMPANY.NL@COMPANY.NL
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: FC 51 80 90 93 E9 52 68 BC 1A 39 C6 70 DD 72 C1 .Q....Rh..9.p.r.


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Wed Aug 12 13:24:38 CEST 2009
      Start Time = Wed Aug 12 13:24:38 CEST 2009
      End Time = Wed Aug 12 23:24:38 CEST 2009
      Renew Till = null
      Client Addresses Null
      Private Credential: Kerberos Principal HTTP/cumpu553.company.nl@COMPANY.NLKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F 2D BC 41 0D 62 78 62 C8 A0 E7 DC C7 A4 19 78 O-.A.bxb.......x



      2009-08-12 13:24:38,637 DEBUG [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Logged in 'javax.security.auth.login.LoginContext@1fa1ba1' LoginContext
      2009-08-12 13:24:38,637 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] login
      2009-08-12 13:24:38,637 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Identity - bob@COMPANY.NL
      2009-08-12 13:24:38,637 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, password-stacking=useFirstPass, baseCtxDN=cn=users,dc=company,dc=nl, roleAttributeID=memberOf, baseFilter=(krbPrincipalName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://cumpu552:389, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}
      2009-08-12 13:24:50,653 INFO [STDOUT] Found ticket for HTTP/cumpu553.company.nl@COMPANY.NL to go to krbtgt/COMPANY.NL@COMPANY.NL expiring on Wed Aug 12 23:24:38 CEST 2009
      2009-08-12 13:24:50,653 INFO [STDOUT] Entered Krb5Context.initSecContext with state=STATE_NEW
      2009-08-12 13:24:50,653 INFO [STDOUT] Found ticket for HTTP/cumpu553.company.nl@COMPANY.NL to go to krbtgt/COMPANY.NL@COMPANY.NL expiring on Wed Aug 12 23:24:38 CEST 2009
      2009-08-12 13:24:50,653 INFO [STDOUT] Service ticket not found in the subject
      2009-08-12 13:24:50,653 INFO [STDOUT] >>> Credentials acquireServiceCreds: same realm
      2009-08-12 13:24:50,653 INFO [STDOUT] Using builtin default etypes for default_tgs_enctypes
      2009-08-12 13:24:50,653 INFO [STDOUT] default etypes for default_tgs_enctypes:
      2009-08-12 13:24:50,653 INFO [STDOUT] 3
      2009-08-12 13:24:50,653 INFO [STDOUT] 1
      2009-08-12 13:24:50,653 INFO [STDOUT] 23
      2009-08-12 13:24:50,653 INFO [STDOUT] 16
      2009-08-12 13:24:50,653 INFO [STDOUT] 17
      2009-08-12 13:24:50,653 INFO [STDOUT] .
      2009-08-12 13:24:50,653 INFO [STDOUT] >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
      2009-08-12 13:24:50,653 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:50,653 INFO [STDOUT] >>> KrbKdcReq send: kdc=cumpu552.company.nl UDP:88, timeout=30000, number of retries =3, #bytes=609
      2009-08-12 13:24:50,653 INFO [STDOUT] >>> KDCCommunication: kdc=cumpu552.company.nl UDP:88, timeout=30000,Attempt =1, #bytes=609
      2009-08-12 13:24:50,669 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=552
      2009-08-12 13:24:50,669 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=552
      2009-08-12 13:24:50,669 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2009-08-12 13:24:50,669 INFO [STDOUT] >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
      2009-08-12 13:24:50,669 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      2009-08-12 13:24:50,887 INFO [STDOUT] Krb5Context setting mySeqNumber to: 782761167
      2009-08-12 13:24:50,887 INFO [STDOUT] Krb5Context setting peerSeqNumber to: 0
      2009-08-12 13:24:50,887 INFO [STDOUT] Created InitSecContextToken:
      0000: 01 00 6E 82 01 E9 30 82 01 E5 A0 03 02 01 05 A1 ..n...0.........
      0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
      0020: 05 61 82 01 01 30 81 FE A0 03 02 01 05 A1 0C 1B .a...0..........
      0030: 0A 47 41 53 55 4E 49 45 2E 4E 4C A2 1B 30 19 A0 .COMPANY.NL..0..
      0040: 03 02 01 00 A1 12 30 10 1B 04 6C 64 61 70 1B 08 ......0...ldap..
      0050: 67 75 76 6D 70 35 35 32 A3 81 CB 30 81 C8 A0 03 cumpu552...0....
      0060: 02 01 17 A1 03 02 01 03 A2 81 BB 04 81 B8 A4 72 ...............r
      0070: AE B6 87 17 5F E0 AC 95 95 90 83 B0 E5 5A 6E 29 ...._........Zn)
      0080: 15 CA E1 33 A4 41 60 98 C5 34 C7 CC E0 72 18 51 ...3.A`..4...r.Q
      0090: 21 A5 4B 6E 45 72 F4 50 4A E9 21 62 07 AC D0 7F !.KnEr.PJ.!b....
      00A0: C0 4D E8 B0 13 82 BF 0A 79 42 2D D5 D7 9B 07 FB .M......yB-.....
      00B0: 38 B1 DC 03 CD A9 AF 86 CE CF F4 F1 6A D5 10 54 8...........j..T
      00C0: 9E 3F 27 08 F7 BE 99 45 73 E9 86 92 E2 3C 07 73 .?'....Es....<.s
      00D0: 66 18 C3 62 38 F0 7D D2 F0 EF D1 8C 1C 1B B7 4E f..b8..........N
      00E0: EF 3D BB 5F BE 24 1B CD D0 72 35 BC DD 7C F6 81 .=._.$...r5.....
      00F0: 7A 54 E0 B9 82 A1 51 06 B3 07 FB 3F B7 C0 E9 A2 zT....Q....?....
      0100: F8 E1 03 5F E8 17 CE 73 DF 41 1E 5D 0A BC 10 0C ..._...s.A.]....
      0110: C3 70 EE CA 54 32 F0 F0 2F 1C BD 5F 61 F5 45 E0 .p..T2../.._a.E.
      0120: A8 CE 4A 9C 44 E2 A4 81 C6 30 81 C3 A0 03 02 01 ..J.D....0......
      0130: 03 A2 81 BB 04 81 B8 3E BC CD 82 92 56 8A E9 4B .......>....V..K
      0140: 05 E1 7A 7E 92 C0 67 AA 9E 7D 14 23 BD 16 D8 42 ..z...g....#...B
      0150: 17 E8 F7 6E D5 EA 38 F8 1D C7 E0 B5 D0 94 AA D2 ...n..8.........
      0160: 6B F0 46 22 B4 6A 3D 5D 8C EC 92 49 E8 7E A1 4F k.F".j=]...I...O
      0170: 5A B7 56 55 D6 26 94 35 EA 4A 9F 02 97 71 98 D8 Z.VU.&.5.J...q..
      0180: 58 56 37 2A A4 19 4C 4C B3 11 ED 19 A9 39 A5 04 XV7*..LL.....9..
      0190: 47 BB 31 32 CB F2 FD CE 78 13 D5 4C 9C ED 54 DA G.12....x..L..T.
      01A0: 70 C8 0A 86 44 AA BD 5D 9E 98 29 1F A2 81 28 12 p...D..]..)...(.
      01B0: 41 D4 DA 68 D2 A9 8E AF 7C 9F E9 CE 17 80 82 5C A..h...........\
      01C0: F9 43 DC D8 8B 18 0E CD 57 68 32 84 9F F1 AC 68 .C......Wh2....h
      01D0: EE C7 16 9F 99 42 4E 7A 76 79 7A A6 98 BB A3 53 .....BNzvyz....S
      01E0: C4 BB A4 A6 8B 54 90 4D 29 BF EB 56 9F 38 07 .....T.M)..V.8.
      2009-08-12 13:24:50,903 INFO [STDOUT] Krb5Context.unwrap: token=[60 33 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 ff ff ff ff 67 d3 e6 35 12 40 6e e3 40 10 19 99 25 0e 53 b0 6a dd 3c 8b c4 77 59 11 07 a0 00 00 04 04 04 04 ]
      2009-08-12 13:24:50,903 INFO [STDOUT] Krb5Context.unwrap: data=[07 a0 00 00 ]
      2009-08-12 13:24:50,903 INFO [STDOUT] Krb5Context.wrap: data=[01 01 00 00 ]
      2009-08-12 13:24:50,903 INFO [STDOUT] Krb5Context.wrap: token=[60 33 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 ff ff ff ff 36 7a a9 e4 62 e6 2f 1a 38 d8 01 1b 89 97 74 b9 32 1d 64 6c 8a 40 6f 67 01 01 00 00 04 04 04 04 ]
      2009-08-12 13:24:50,903 DEBUG [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] Obtained LdapContext
      2009-08-12 13:24:50,919 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      2009-08-12 13:24:50,919 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] abort
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure
      javax.security.auth.login.LoginException: Unable to find user DN
      at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:528)
      at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:343)
      at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:734)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:337)
      at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:279)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'cn=users,dc=company,dc=nl'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1748)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
      at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
      at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:505)
      ... 31 more
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] oQIwAA==
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.negotiation.common.NegotiationContext] clear 33323834
      2009-08-12 13:24:50,919 TRACE [org.jboss.security.SecurityAssociation] clear, server=true


      I saw a similar post but no solution to this problem.

      Any help would be greatly appreciated.

      TD403

        • 1. Re: Problem with Negotiation-toolkit with LDAP

          I had the same problem a while back, but I can't recall what I did to fix it.

          I believe I unchecked "Do not require Kerberos preauthentication" on the user account.

          • 2. Re: Problem with Negotiation-toolkit with LDAP
            td403

            Hi nulltransfer.

            I tried unchecking preauthentication but to no
            avail.
            If you do remember, I'd really be glad to
            hear it.

            TD403

            • 3. Re: Problem with Negotiation-toolkit with LDAP

              After unchecking preauth, you have to regen your keytab. You also may want to check if your server supports GSSAPI.

              4> supportedSASLMechanisms: GSSAPI; GSS-SPENGO; EXTERNAL; DIGEST-MD5;


              If that doesn't work, your other option is to change it back to the way it was, and to change your auth method from "GSSAPI" to "Simple" and to add a fixed username and password to initiate the LDAP bind.

              • 4. Re: Problem with Negotiation-toolkit with LDAP

                I just realized that I didnt' read your entire stack trace. I didn't see your other exception several lines above.

                javax.security.auth.login.LoginException: Continuation Required.

                Apparently, you are failing at the SPNEGOLoginModule and not the AdvancedLdapLoginModule. It also appears that some of your configuration is wrong, as I see you are pointing to the wrong AdvancedLadpLoginModule class.

                2009-08-12 13:24:38,481 WARN [org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule] 'org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule' is deprecated, use 'org.jboss.security.negotiation.AdvancedLdapLoginModule' instead.


                Please post the rest of your configurations (especially your login-config).

                • 5. Re: Problem with Negotiation-toolkit with LDAP
                  td403

                  Hi nulltransfer

                  login-config:

                  <?xml version='1.0'?>
                  <!DOCTYPE policy PUBLIC
                  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
                  "http://www.jboss.org/j2ee/dtd/security_config.dtd">

                  <!-- The XML based JAAS login configuration read by the
                  org.jboss.security.auth.login.XMLLoginConfig mbean. Add
                  an application-policy element for each security domain.

                  The outline of the application-policy is:
                  <application-policy name="security-domain-name">

                  <login-module code="login.module1.class.name" flag="control_flag">
                  <module-option name = "option1-name">option1-value</module-option>
                  <module-option name = "option2-name">option2-value</module-option>
                  ...
                  </login-module>

                  <login-module code="login.module2.class.name" flag="control_flag">
                  ...
                  </login-module>
                  ...

                  </application-policy>

                  $Revision: 64598 $
                  -->


                  <!-- Used by clients within the application server VM such as
                  mbeans and servlets that access EJBs.
                  -->
                  <application-policy name = "client-login">

                  <login-module code = "org.jboss.security.ClientLoginModule"
                  flag = "required">
                  <!-- Any existing security context will be restored on logout -->
                  <module-option name="restore-login-identity">true</module-option>
                  </login-module>

                  </application-policy>

                  <!-- Security domain for JBossMQ -->
                  <application-policy name = "jbossmq">

                  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag = "required">
                  <module-option name = "unauthenticatedIdentity">guest</module-option>
                  <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                  <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
                  <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
                  </login-module>

                  </application-policy>

                  <!-- Security domain for JBossMQ when using file-state-service.xml
                  <application-policy name = "jbossmq">

                  <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                  flag = "required">
                  <module-option name = "unauthenticatedIdentity">guest</module-option>
                  <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
                  </login-module>

                  </application-policy>
                  -->

                  <!-- Security domains for testing new jca framework -->
                  <application-policy name = "HsqlDbRealm">

                  <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                  flag = "required">
                  <module-option name = "principal">sa</module-option>
                  <module-option name = "userName">sa</module-option>
                  <module-option name = "password"></module-option>
                  <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
                  </login-module>

                  </application-policy>

                  <application-policy name = "JmsXARealm">

                  <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                  flag = "required">
                  <module-option name = "principal">guest</module-option>
                  <module-option name = "userName">guest</module-option>
                  <module-option name = "password">guest</module-option>
                  <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
                  </login-module>

                  </application-policy>

                  <!-- A template configuration for the jmx-console web application. This
                  defaults to the UsersRolesLoginModule the same as other and should be
                  changed to a stronger authentication mechanism as required.
                  -->
                  <application-policy name = "jmx-console">

                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required">
                  <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
                  <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
                  </login-module>

                  </application-policy>

                  <!-- A template configuration for the web-console web application. This
                  defaults to the UsersRolesLoginModule the same as other and should be
                  changed to a stronger authentication mechanism as required.
                  -->
                  <application-policy name = "web-console">

                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required">
                  <module-option name="usersProperties">web-console-users.properties</module-option>
                  <module-option name="rolesProperties">web-console-roles.properties</module-option>
                  </login-module>

                  </application-policy>

                  <!--
                  A template configuration for the JBossWS security domain.
                  This defaults to the UsersRolesLoginModule the same as other and should be
                  changed to a stronger authentication mechanism as required.
                  -->
                  <application-policy name="JBossWS">

                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
                  <module-option name="usersProperties">props/jbossws-users.properties</module-option>
                  <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
                  <module-option name="unauthenticatedIdentity">anonymous</module-option>
                  </login-module>

                  </application-policy>

                  <!-- The default login configuration used by any security domain that
                  does not have a application-policy entry with a matching name
                  -->
                  <application-policy name = "other">
                  <!-- A simple server login module, which can be used when the number
                  of users is relatively small. It uses two properties files:
                  users.properties, which holds users (key) and their password (value).
                  roles.properties, which holds users (key) and a comma-separated list of
                  their roles (value).
                  The unauthenticatedIdentity property defines the name of the principal
                  that will be used when a null username and password are presented as is
                  the case for an unuathenticated web client or MDB. If you want to
                  allow such users to be authenticated add the property, e.g.,
                  unauthenticatedIdentity="nobody"
                  -->

                  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required" />

                  </application-policy>
                  <application-policy name="host">

                  <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                  <module-option name="storeKey">true</module-option>
                  <module-option name="useKeyTab">true</module-option>
                  <module-option name="principal">HTTP/cumpu553.company.nl@COMPANY.NL</module-option>
                  <module-option name="keyTab">c:\webserver.keytab</module-option>
                  <module-option name="doNotPrompt">true</module-option>
                  <module-option name="debug">true</module-option>
                  </login-module>

                  </application-policy>
                  <application-policy name="SPNEGO">

                  <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
                  <module-option name="password-stacking">useFirstPass</module-option>
                  <module-option name="serverSecurityDomain">host</module-option>
                  </login-module>
                  <login-module code="org.jboss.security.negotiation.spnego.AdvancedLdapLoginModule" flag="required">
                  <module-option name="password-stacking">useFirstPass</module-option>
                  <module-option name="bindAuthentication">GSSAPI</module-option>
                  <module-option name="jaasSecurityDomain">host</module-option>
                  <module-option name="java.naming.provider.url">ldap://cumpu552:389</module-option>
                  <module-option name="baseCtxDN">cn=users,dc=company,dc=nl</module-option>
                  <module-option name="baseFilter">(krbPrincipalName={0})</module-option>
                  <module-option name="roleAttributeID">memberOf</module-option>
                  <module-option name="roleAttributeIsDN">true</module-option>
                  <module-option name="roleNameAttributeID">cn</module-option>
                  <module-option name="recurseRoles">true</module-option>
                  </login-module>

                  </application-policy>


                  jboss-service.xml:

                  <?xml version="1.0" encoding="UTF-8"?>
                  <!-- $Id: jboss-service.xml 75558 2008-07-09 16:50:17Z bstansberry@jboss.com $ -->


                  <!-- JBossWeb Service-->
                  <mbean code="org.jboss.web.tomcat.service.JBossWeb"
                  name="jboss.web:service=WebServer" xmbean-dd="META-INF/webserver-xmbean.xml">

                  <!-- You can configure a set of authenticators keyed by http-auth method used. This
                  will apply the same set of authenticators across all web applications. You can
                  override the set of authenticators at the web application level by adding
                  element to the respective jboss-web.xml -->
                  <!--
                  -->

                  <java:properties xmlns:java="urn:jboss:java-properties"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
                  xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
                  <java:property>
                  <java:key>BASIC</java:key>
                  <java:value>org.apache.catalina.authenticator.BasicAuthenticator</java:value>
                  </java:property>
                  <java:property>
                  <java:key>CLIENT-CERT</java:key>
                  <java:value>org.apache.catalina.authenticator.SSLAuthenticator</java:value>
                  </java:property>
                  <java:property>
                  <java:key>DIGEST</java:key>
                  <java:value>org.apache.catalina.authenticator.DigestAuthenticator</java:value>
                  </java:property>
                  <java:property>
                  <java:key>FORM</java:key>
                  <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
                  </java:property>
                  <java:property>
                  <java:key>NONE</java:key>
                  <java:value>org.apache.catalina.authenticator.NonLoginAuthenticator</java:value>
                  </java:property>
                  <java:property>
                  <java:key>SPNEGO</java:key>
                  <java:value>org.jboss.security.negotiation.spnego.SPNEGOAuthenticator</java:value>
                  </java:property>
                  </java:properties>


                  <!-- The JAAS security domain to use in the absense of an explicit
                  security-domain specification in the war WEB-INF/jboss-web.xml
                  -->
                  java:/jaas/other

                  <!-- Get the flag indicating if the normal Java2 parent first class
                  loading model should be used over the servlet 2.3 web container first
                  model.
                  -->
                  false
                  <!-- A flag indicating if the JBoss Loader should be used. This loader
                  uses a unified class loader as the class loader rather than the tomcat
                  specific class loader.
                  The default is false to ensure that wars have isolated class loading
                  for duplicate jars and jsp files.
                  -->
                  false
                  <!-- The list of package prefixes that should not be loaded without
                  delegating to the parent class loader before trying the web app
                  class loader. The packages listed here are those tha are used by
                  the web container implementation and cannot be overriden. The format
                  is a comma separated list of the package names. There cannot be any
                  whitespace between the package prefixes.
                  This setting only applies when UseJBossWebLoader=false.
                  -->
                  javax.servlet

                  true

                  <!--Flag to delete the Work Dir on Context Destroy -->
                  false

                  <!--
                  Class of the session manager (used if context is marked as 'distributable'. Currently allowed values:
                  - org.jboss.web.tomcat.service.session.JBossCacheManager
                  -->
                  org.jboss.web.tomcat.service.session.JBossCacheManager

                  <!-- The name of the request attribute under with the authenticated JAAS
                  Subject is stored on successful authentication. If null or empty then
                  the Subject will not be stored.
                  -->
                  <!--
                  j_subject
                  -->

                  <!-- The SessionIdAlphabet is the set of characters used to create a session Id
                  It must be made up of exactly 65 unique characters
                  ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-*
                  -->

                  <!--
                  *******************************************************
                  ****************** CLUSTERING *************************
                  *******************************************************
                  In order to activate HTTP Session clustering for Tomcat
                  make sure you run JBoss's "all" configuration i.e.
                  "run -c all"
                  (the default configuration doesn't contain clustering)

                  Furthermore, you may change SnapshotMode and
                  SnapshotInterval attributes below to indicate when to
                  synchronize changes with the other node(s).

                  If you use Apache+mod_jk(2) you will most probably use
                  the AJP1.3 connector below. Thus, if you so wish,
                  you may comment (i.e. deactivate) the HTTP connector
                  as it won't be used anymore.

                  *******************************************************
                  *******************************************************
                  *******************************************************
                  -->

                  <!--
                  If you are using clustering, the following two attributes
                  define when the sessions are replicated to the other nodes.
                  The default value, "instant", synchronously replicates changes
                  to the other nodes at the end of requests. In this case, the
                  "SnapshotInterval" attribute is not used.
                  The "interval" mode, in association with the "SnapshotInterval"
                  attribute, indicates that modified sessions will only be replicated
                  every "SnapshotInterval" milliseconds at most.

                  Note that this attribute is not in effect if the replication-granularity
                  is set to FIELD. If it is FIELD, it will be per http request (that is,
                  "instant" mode.)
                  -->
                  instant <!-- you may switch to "interval" -->
                  2000

                  <!--
                  Whether to use MOD_JK(2) for load balancing with sticky session
                  combined with JvmRoute. If set to true, it will insert a JvmRouteFilter
                  to intercept every request and replace the JvmRoute if it detects a
                  failover. In addition, you will need to set the JvmRoute inside
                  Tomcat, e.g.,
                  Engine name="jboss.web" jmvRoute="Node1" defaultHost="localhost"
                  in server.xml.

                  For clustering purpose only.
                  -->
                  false

                  <!--
                  Clustering only: Determines the maximum interval between requests, in
                  seconds, after which a request will trigger replication of the session's
                  timestamp and other metadata regardless of whether the request has otherwise
                  made the session dirty. Such replication ensures that other nodes in the
                  cluster are aware of the most recent value for the session's timestamp
                  and won't incorrectly expire an unreplicated session upon failover. It also
                  results in correct values for HttpSession.getLastAccessedTime() calls
                  following failover.

                  The cost of this metadata replication depends on the configured
                  replication-granularity. With SESSION, the session's
                  attribute map is replicated along with the metadata, so it can be fairly
                  costly. With other granularities, the metadata object is replicated
                  separately from the attributes and only contains a String, and a few longs,
                  ints and booleans.

                  A value of 0 means the metadata will be replicated whenever the session is
                  accessed. A value of -1 means the metadata will be replicated only if some
                  other activity during the request (e.g. modifying an attribute) has
                  resulted in other replication work involving the session. A positive value
                  greater than the HttpSession.getMaxInactiveInterval() value will be treated
                  as a likely misconfiguration and converted to 0; i.e. replicate the
                  metadata on every request.

                  Default value if unconfigured is 60 seconds.
                  -->
                  60

                  jboss.web

                  <!-- A mapping to the server security manager service which must be
                  operation compatible with type
                  org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only
                  needed if web applications are allowed to flush the security manager
                  authentication cache when the web sessions invalidate.
                  -->
                  <depends optional-attribute-name="SecurityManagerService"
                  proxy-type="attribute">jboss.security:service=JaasSecurityManager


                  <!--
                  Needed if using HTTP Session Clustering or if the
                  ClusteredSingleSignOn valve is enabled in the tomcat server.xml file
                  -->
                  <!--
                  jboss.cache:service=TomcatClusteringCache
                  -->

                  jboss:service=TransactionManager

                  <!-- Only needed if the org.jboss.web.tomcat.service.jca.CachedConnectionValve
                  is enabled in the tomcat server.xml file.
                  -->
                  jboss.jca:service=CachedConnectionManager






                  run.bat:

                  C:\jboss-4.2.3.GA\bin\run.bat -b 0.0.0.0 -Djava.security.krb5.realm=COMPANY.NL -Djava.security.krb5.kdc=compu552.company.nl -Dsun.security.krb5.debug=true

                  properties-service:

                  <?xml version="1.0" encoding="UTF-8"?>
                  <!DOCTYPE server>
                  <!-- $Id: properties-service.xml 16662 2003-08-27 04:38:22Z patriot1burke $ -->



                  <!-- ==================================================================== -->
                  <!-- PropertyEditorManager Service -->
                  <!-- ==================================================================== -->

                  <!--
                  | Allows access to the PropertyEditorManager, which is used when setting
                  | MBean attribute values from configuration.
                  -->



                  <!--
                  | Register and editor for each of the type_name=editor_type_name listed
                  | in properties file style convetion.


                  java.net.URL=my.project.editors.URLPropertyEditor


                  -->




                  <!-- ==================================================================== -->
                  <!-- System Properties Service -->
                  <!-- ==================================================================== -->

                  <!--
                  | Allows rich access to system properties.
                  -->



                  java.security.krb5.kdc=cumpu552.company.nl
                  java.security.krb5.realm=COMPANY.NL

                  <!--
                  | Load properties from each of the given comma seperated URLs


                  http://somehost/some-location.properties,
                  ./conf/somelocal.properties


                  -->

                  <!--
                  | Set raw properties file style properties.



                  my.project.property=This is the value of my property
                  my.project.anotherProperty=This is the value of my other property



                  -->





                  I hope this helps.
                  Thanks for all your help.

                  • 6. Re: Problem with Negotiation-toolkit with LDAP

                    Lets begin by testing your keytab file.

                    Create a text file in C:\windows\krb5.ini with the following contents:

                    [libdefaults]
                    default_realm = COMPANY.NL
                    dns_lookup_realm = false
                    dns_lookup_kdc = false
                    default_tkt_enctypes=RC4-HMAC
                    default_tgs_enctypes=RC4-HMAC
                    
                    [realms]
                    COMPANY.NL = {
                    kdc = 5.21.8.10
                    admin_server = 127.0.0.1
                    default_domain = COMPANY.NL
                    }
                    
                    [domain_realm]
                    .company.nl = COMPANY.NL
                    company.nl = COMPANY.NL
                    
                    [appdefaults]
                    autologin = true
                    forward = true
                    forwardable = true
                    encrypt = true
                    


                    Edit the above contents to match your system.

                    Then open command prompt, and browser to your JAVA_HOME\bin. Run the following command using kinit.exe:

                    Kinit <kerberos principal name>
                    

                    e.g. kinit myuser@mycompany.nl It will then prompt you for a password.


                    If that works, then test your keytab file by running the below command:

                    Kinit –k -t <keytab output path> <kerberos principal name>
                    


                    If your keytab is correct, you should get "new ticket stored in cache".


                    • 7. Re: Problem with Negotiation-toolkit with LDAP
                      td403

                      It seems my virtual machines have crashed.
                      I will have to rebuild the environment and will
                      probably takes some time.
                      I'll post when it's done.
                      Thanks for all your help nulltransfer.

                      TD403

                      • 8. Re: Problem with Negotiation-toolkit with LDAP
                        td403

                        Hi nulltransfer.
                        I've recreated the systems and tried the kinit
                        command but get a checksum failed error.
                        I've followed the instructions on http://www.jboss.org/community/wiki/ConfiguringJBossNegotiationinanallWindowsDomain
                        Also, now Basic Negotiation on the tool kit does not work, onlySecurity Domain works.
                        Any ideas?

                        thanks

                        • 9. Re: Problem with Negotiation-toolkit with LDAP
                          td403

                          Hi nulltransfer.
                          I've reset the principal user's password and now Basic and Security Domain work.
                          The Kinit <kerberos principal name> works.
                          I don't understand the Kinit –k -t <keytab output path> <kerberos principal name> command.
                          The Secured test has the same problëm,
                          Login failure
                          javax.security.auth.login.LoginException: Continuation Required.

                          and
                          Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'cn=users,dc=company,dc=nl'


                          Cheers