1 Reply Latest reply on Mar 30, 2010 9:39 AM by Daniel Yazbek

    jboss negotiation toolkit

    Laurent Mallet Newbie

      I am trying to test jboss-negotiation on JBoss 5.0.1GA and 64-bit Linux.

      Test 1 and Test 2 are ok. But the third (Secured) doesn't work on my system.

      My keytab is well configured, but the SPNEGO token doesn't work. I tried
      with other crypto without success (AES 256 / AES 128 / DES / ARCFOUR).

      Typical trace :

      3:45:53,233 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
      13:45:53,280 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
      13:45:53,309 INFO [ServerImpl] JBoss (Microcontainer) [5.0.1.GA (build: SVNTag=JBoss_5_0_1_GA date=200902232048)] Started in 1m:9s:397ms
      13:46:06,376 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/krb5.keytab refreshKrb5Config is false principal is host/server2.scigems.org@SCIGEMS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      13:46:07,007 INFO [STDOUT] principal's key obtained from the keytab
      13:46:07,007 INFO [STDOUT] Acquire TGT using AS Exchange
      13:46:08,279 INFO [STDOUT] principal is host/server2.scigems.org@SCIGEMS.ORG
      13:46:08,280 INFO [STDOUT] EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 33 46 86 8A 9A F5 D6 51 FB 39 7A E9 06 CC F2 50 3F.....Q.9z....P
      13:46:08,292 INFO [STDOUT] Added server's keyKerberos Principal host/server2.scigems.org@SCIGEMS.ORGKey Version 2key EncryptionKey: keyType=17 keyBytes (hex dump)=
      0000: 33 46 86 8A 9A F5 D6 51 FB 39 7A E9 06 CC F2 50 3F.....Q.9z....P
      13:46:08,293 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/server2.scigems.org@SCIGEMS.ORG to Subject
      13:46:08,293 INFO [STDOUT] Commit Succeeded
      13:51:37,810 ERROR [STDERR] Checksum failed !
      14:17:13,665 ERROR [SPNEGOLoginModule] Unable to authenticate
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
       at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
       at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:619)
      Caused by: KrbException: Checksum failed
       at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:85)
       at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:77)
       at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
       at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
       at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
       at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
       ... 35 more
      Caused by: java.security.GeneralSecurityException: Checksum failed
       at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:431)
       at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:254)
       at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:59)
       at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:83)
       ... 41 more
      14:17:13,679 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      14:17:13,680 INFO [STDOUT] [Krb5LoginModule]: logged out Subject