0 Replies Latest reply on May 13, 2010 8:34 AM by Selvakumar S

    Unable to create LDAPContext using GSSAPI in Window Server 2008

    Selvakumar S Newbie

      Hi All,

         I have following error while creating the LDAP Context for the user that have authenticated using KRB5LoginMOdule. This error occurs after the KRB5LoginModule is suceeded. I have same setup in the window server 2003 that works fine.

       

       

       

      My Configuration is

       

       

      <application-policy name="host">

         <authentication>

            <login-module code="com.sun.security.auth.module.Krb5LoginModule"

               flag="required">

               <module-option name="storeKey">true</module-option>

               <module-option name="useKeyTab">true</module-option>                                                    

               <module-option name="principal">HTTP/test14.test2008.com@test2008.com</module-option>            

               <module-option name="keyTab">C:\prakash\jbossservice.keytab</module-option>

               <module-option name="isInitiator">false</module-option>

               <module-option name="doNotPrompt">true</module-option>

               <module-option name="debug">true</module-option>

            </login-module>

         </authentication>  

      </application-policy>

       

      <application-policy name="SPNEGO"> 

          <authentication>

            <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">

               <module-option name="password-stacking">useFirstPass</module-option>

               <module-option name="serverSecurityDomain">host</module-option>

            </login-module>

             <login-module code="org.jboss.security.negotiation.AdvancedLdapLoginModule" flag="required">

              <module-option name="password-stacking">useFirstPass</module-option>

              <module-option name="bindAuthentication">GSSAPI</module-option>

              <module-option name="jaasSecurityDomain">host</module-option>

              <module-option name="java.naming.provider.url">ldap://test24.test2008.com:389</module-option>

              <module-option name="baseCtxDN">CN=Users,DC=TEST2008,DC=COM</module-option>

              <module-option name="baseFilter">(userPrincipalName={0})</module-option>

              <module-option name="roleAttributeID">memberOf</module-option>

              <module-option name="roleAttributeIsDN">true</module-option>

              <module-option name="roleNameAttributeID">cn</module-option>

              <module-option name="recurseRoles">true</module-option>

              <module-option name="debug">true</module-option>

              <module-option name="javax.security.sasl.server.authentication">true</module-option>

              </login-module>

           </authentication>

      </application-policy>

       

      and

      while running the run.bat - i have set the following

      -Djava.security.krb5.realm=test2008.com -Djava.security.krb5.kdc=test24.test2008.com

       

      The error that i have got is

      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule

      ControlFlag: LoginModuleControlFlag: requisite

      Options:name=serverSecurityDomain, value=host

      name=password-stacking, value=useFirstPass

      [1]

      LoginModule Class: org.jboss.security.negotiation.AdvancedLdapLoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:name=javax.security.sasl.server.authentication, value=true

      name=bindAuthentication, value=GSSAPI

      name=baseFilter, value=(userPrincipalName={0})

      name=jaasSecurityDomain, value=host

      name=java.naming.provider.url, value=ldap://test24.test2008.com:389

      name=recurseRoles, value=true

      name=roleNameAttributeID, value=cn

      name=debug, value=true

      name=roleAttributeIsDN, value=true

      name=baseCtxDN, value=CN=Users,DC=TEST2008,DC=COM

      name=roleAttributeID, value=memberOf

      name=password-stacking, value=useFirstPass

       

      2010-05-13 17:47:59,742 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] initialize, instance=@1103780712

      2010-05-13 17:47:59,742 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Security domain: SPNEGO

      2010-05-13 17:47:59,742 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] serverSecurityDomain=host

      2010-05-13 17:47:59,742 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] login

      2010-05-13 17:47:59,742 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=10

      2010-05-13 17:47:59,743 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:name=isInitiator, value=false

      name=principal, value=HTTP/test14.test2008.com@test2008.com

      name=useKeyTab, value=true

      name=storeKey, value=true

      name=keyTab, value=C:\prakash\jbossservice.keytab

      name=debug, value=true

      name=doNotPrompt, value=true

       

      2010-05-13 17:47:59,743 INFO  [STDOUT] Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is C:\prakash\jbossservice.keytab refreshKrb5Config is false principal is HTTP/test14.test2008.com@test2008.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false

      2010-05-13 17:47:59,744 INFO  [STDOUT] principal's key obtained from the keytab

      2010-05-13 17:47:59,744 INFO  [STDOUT] principal is HTTP/test14.test2008.com@test2008.com

      2010-05-13 17:47:59,745 INFO  [STDOUT] EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

      2010-05-13 17:47:59,745 INFO  [STDOUT] EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

      0010: D3 32 9B 83 1C 13 E6 80  

      2010-05-13 17:47:59,746 INFO  [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

      2010-05-13 17:47:59,746 INFO  [STDOUT] EncryptionKey: keyType=1 keyBytes (hex dump)=0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:47:59,747 INFO  [STDOUT] EncryptionKey: keyType=3 keyBytes (hex dump)=0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:47:59,748 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=17 keyBytes (hex dump)=

      0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

      2010-05-13 17:47:59,748 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:47:59,749 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=16 keyBytes (hex dump)=

      0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

      0010: D3 32 9B 83 1C 13 E6 80  

      2010-05-13 17:47:59,750 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:47:59,751 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

      2010-05-13 17:47:59,751 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:47:59,751 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=1 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:47:59,751 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:47:59,752 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:47:59,752 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:47:59,752 INFO  [STDOUT] Commit Succeeded

      2010-05-13 17:47:59,754 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Subject = Subject:

          Principal: HTTP/test14.test2008.com@test2008.com

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=17 keyBytes (hex dump)=

      0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

       

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=16 keyBytes (hex dump)=

       

      0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

       

      0010: D3 32 9B 83 1C 13 E6 80  

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

       

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=1 keyBytes (hex dump)=

       

      0000: BA 9D 6B 0D AB 58 26 FE  

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

       

       

      2010-05-13 17:47:59,754 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext

       

      2010-05-13 17:47:59,754 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Creating new GSSContext.

       

      2010-05-13 17:48:00,248 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getCredDelegState() = true

       

      2010-05-13 17:48:00,249 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getMutualAuthState() = true

       

      2010-05-13 17:48:00,249 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getSrcName() = testuser@TEST2008.COM

       

      2010-05-13 17:48:00,249 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - true

       

      2010-05-13 17:48:00,249 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Storing username 'testuser@TEST2008.COM' and empty password

       

      2010-05-13 17:48:00,249 INFO  [STDOUT]         [Krb5LoginModule]: Entering logout

       

      2010-05-13 17:48:00,249 INFO  [STDOUT]         [Krb5LoginModule]: logged out Subject

       

      2010-05-13 17:48:00,249 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk true

       

      2010-05-13 17:48:00,250 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] initialize, instance=@1457398981

       

      2010-05-13 17:48:00,250 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Security domain: SPNEGO

       

      2010-05-13 17:48:00,251 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Using GSSAPI to connect to LDAP

       

      2010-05-13 17:48:00,251 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=10

       

      2010-05-13 17:48:00,251 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:

       

      [0]

       

      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule

       

      ControlFlag: LoginModuleControlFlag: required

       

      Options:name=isInitiator, value=false

       

      name=principal, value=HTTP/test14.test2008.com@test2008.com

       

      name=useKeyTab, value=true

       

      name=storeKey, value=true

       

      name=keyTab, value=C:\prakash\jbossservice.keytab

       

      name=debug, value=true

       

      name=doNotPrompt, value=true

       

      2010-05-13 17:48:00,252 INFO  [STDOUT] Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is C:\prakash\jbossservice.keytab refreshKrb5Config is false principal is HTTP/test14.test2008.com@test2008.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false

      2010-05-13 17:48:00,252 INFO  [STDOUT] principal's key obtained from the keytab

      2010-05-13 17:48:00,252 INFO  [STDOUT] principal is HTTP/test14.test2008.com@test2008.com

      2010-05-13 17:48:00,253 INFO  [STDOUT] EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

      2010-05-13 17:48:00,254 INFO  [STDOUT] EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

      0010: D3 32 9B 83 1C 13 E6 80  

      2010-05-13 17:48:00,254 INFO  [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

      2010-05-13 17:48:00,255 INFO  [STDOUT] EncryptionKey: keyType=1 keyBytes (hex dump)=0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:48:00,255 INFO  [STDOUT] EncryptionKey: keyType=3 keyBytes (hex dump)=0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:48:00,256 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=17 keyBytes (hex dump)=

      0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

      2010-05-13 17:48:00,256 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:48:00,257 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=16 keyBytes (hex dump)=

      0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

      0010: D3 32 9B 83 1C 13 E6 80  

      2010-05-13 17:48:00,257 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:48:00,258 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

      2010-05-13 17:48:00,258 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:48:00,258 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=1 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:48:00,259 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:48:00,259 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

      2010-05-13 17:48:00,259 INFO  [STDOUT]         [Krb5LoginModule] added Krb5Principal  HTTP/test14.test2008.com@test2008.com to Subject

      2010-05-13 17:48:00,259 INFO  [STDOUT] Commit Succeeded

      2010-05-13 17:48:00,261 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Subject = Subject:

          Principal: HTTP/test14.test2008.com@test2008.com

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=17 keyBytes (hex dump)=

      0000: 50 B0 F9 57 BA 68 52 7F   A6 14 DD B4 48 B1 14 90  P..W.hR.....H...

       

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=16 keyBytes (hex dump)=

       

      0000: 5D 40 F7 13 9B 2C B3 CE   57 DF 2F E5 F7 FE 37 E9  ]@...,..W./...7.

       

      0010: D3 32 9B 83 1C 13 E6 80  

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: B6 EB 7B DC 22 7A 3B 36   4A A6 84 C0 7E 58 48 D8  ...."z;6J....XH.

       

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=1 keyBytes (hex dump)=

       

      0000: BA 9D 6B 0D AB 58 26 FE  

       

          Private Credential: Kerberos Principal HTTP/test14.test2008.com@test2008.comKey Version 1key EncryptionKey: keyType=3 keyBytes (hex dump)=

      0000: BA 9D 6B 0D AB 58 26 FE  

       

       

      2010-05-13 17:48:00,261 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logged in 'javax.security.auth.login.LoginContext@33906773' LoginContext

       

      2010-05-13 17:48:00,262 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] login

       

      2010-05-13 17:48:00,262 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Identity - testuser@TEST2008.COM

       

      2010-05-13 17:48:00,262 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, debug=true, roleNameAttributeID=cn, javax.security.sasl.server.authentication=true, password-stacking=useFirstPass, baseCtxDN=CN=Users,DC=TEST2008,DC=COM, roleAttributeID=memberOf, baseFilter=(userPrincipalName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://test24.test2008.com:389, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}

       

      2010-05-13 17:48:00,347 INFO  [STDOUT]         [Krb5LoginModule]: Entering logout

       

      2010-05-13 17:48:00,348 INFO  [STDOUT]         [Krb5LoginModule]: logged out Subject

       

      2010-05-13 17:48:00,349 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort

       

      2010-05-13 17:48:00,349 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] abort

       

      2010-05-13 17:48:00,349 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure

       

      javax.security.auth.login.LoginException: Unable to create new InitialLdapContext

       

          at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:485)

       

          at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:339)

       

          at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:734)

       

          at java.security.AccessController.doPrivileged(Native Method)

       

          at javax.security.auth.Subject.doAs(Unknown Source)

       

          at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:279)

       

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       

          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

       

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

       

          at java.lang.reflect.Method.invoke(Unknown Source)

       

          at javax.security.auth.login.LoginContext.invoke(Unknown Source)

       

          at javax.security.auth.login.LoginContext.access$000(Unknown Source)

       

          at javax.security.auth.login.LoginContext$4.run(Unknown Source)

       

          at java.security.AccessController.doPrivileged(Native Method)

       

          at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

       

          at javax.security.auth.login.LoginContext.login(Unknown Source)

       

          at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)

       

          at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)

       

          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)

       

          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)

       

          at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)

       

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)

       

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

       

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

       

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

       

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

       

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

       

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

       

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

       

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

       

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

       

          at java.lang.Thread.run(Unknown Source)

       

      Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]]

       

          at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)

       

          at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

       

          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

       

          at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

       

          at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

       

          at javax.naming.InitialContext.init(Unknown Source)

       

          at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)

       

          at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:481)

       

          ... 31 more

       

      Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

       

          at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

       

          ... 44 more

       

      Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

       

          at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

       

          at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

       

          at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)

       

          at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)

       

          at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

       

          at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

       

          ... 45 more

       

      2010-05-13 17:48:00,351 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false

       

      2010-05-13 17:48:00,351 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] oW0wa6JpBGdgZQYJKoZIhvcSAQICAgBvVjBUoAMCAQWhAwIBD6JIMEagAwIBF6I/BD0DyTcLwn/f

       

      GAeVvBl39VFPkHp87cpDXobl+YfcKElYBicx25mzeRVORivT0Ac7+tapOxRDjZ6b08LR9Tmj

       

      Please help me in finding solution for this

       

      Thanks

      Selvakumar.S