1 Reply Latest reply on Mar 22, 2011 9:09 AM by Sarris Overbosch

    Jboss negotiation - GSSException: Failure unspecified at GSS

    Asanga K Newbie

      Hi,

      I've downloaded and setup Jboss Negotiation as described in the manual, and although the basic negotiation and security domain test passes, I cannot get the secure servlet to working. I've reinstalled and redid the configuration from scratch, but to no avail.

      AD server:
      Win 2003

      App Server:
      jboss-5.0.1.GA (tried with 5.1.0 GA with the same results)
      jdk1.6.0_14
      winxp

      Client:
      IE7

      I would really appreciate if somebody can have a look, since I've come to a dead end and seeing no way out of it.

      Thanks,
      Asa

      The log file: (sorry about it being so long)

      15:32:12,017 TRACE [SecurityRolesAssociation] Setting threadlocal:{}
      15:32:17,470 DEBUG [arjLogger] StatusModule: first pass
      15:32:17,486 TRACE [JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.secur
      ity.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
      15:32:17,486 DEBUG [txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_3] - TORecoveryModule - first pass
      15:32:17,486 TRACE [NegotiationAuthenticator] Authenticating user
      15:32:17,486 DEBUG [loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
      15:32:17,486 DEBUG [NegotiationAuthenticator] Header - null
      15:32:17,486 DEBUG [NegotiationAuthenticator] No Authorization Header, sending 401
      15:32:17,501 TRACE [SecurityRolesAssociation] Setting threadlocal:null
      15:32:17,501 TRACE [SecurityRolesAssociation] Setting threadlocal:null
      15:32:17,517 TRACE [SecurityRolesAssociation] Setting threadlocal:{}
      15:32:17,517 TRACE [JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.secur
      ity.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
      15:32:17,533 TRACE [NegotiationAuthenticator] Authenticating user
      15:32:17,533 DEBUG [NegotiationAuthenticator] Header - Negotiate YIIE3gYGKwYBBQUCoIIE0jCCBM6gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBKQEg
      ..
      ..
      bPXVIWJPGwz/sqTVPanQ8JnGaqzF8eP3gB+N02a+aFL1w=
      15:32:17,579 TRACE [Hex] 0x60 0x82 0x04 0xde 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x82 0x04 0xd2 0x30 0x82 0x04 0xce 0xa0 0x24 0x30 0x22 0x06
      ..
      ..
      0xfb 0x2a 0x4d 0x53 0xda 0x9d 0x0f 0x09 0x9c 0x66 0xaa 0xcc 0x5f 0x1e 0x3f 0x78 0x01 0xf8 0xdd 0x36 0x6b 0xe6 0x85 0x2f 0x5c
      15:32:17,642 DEBUG [NegotiationAuthenticator] Creating new NegotiationContext
      15:32:17,642 TRACE [NegotiationContext] associate 4801672
      15:32:17,658 TRACE [SPNEGO] Begin isValid, principal:663114DA6CEA65A4B3ED20F84D1D2E93, cache info: null
      15:32:17,658 TRACE [SPNEGO] defaultLogin, principal=663114DA6CEA65A4B3ED20F84D1D2E93
      15:32:17,658 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=12
      15:32:17,658 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:
      name=serverSecurityDomain, value=host
      name=password-stacking, value=useFirstPass

      15:32:17,673 TRACE [SPNEGOLoginModule] initialize
      15:32:17,673 TRACE [SPNEGOLoginModule] Security domain: SPNEGO
      15:32:17,673 DEBUG [SPNEGOLoginModule] serverSecurityDomain=host
      15:32:17,673 TRACE [SPNEGOLoginModule] login
      15:32:17,673 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=12
      15:32:17,673 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=principal, value=HOST/javauser@MY.DOMAIN
      name=useKeyTab, value=true
      name=storeKey, value=true
      name=keyTab, value=P:/JBoss/jboss-5.0.1.GA/server/default/conf/keytabs/javauser.host.keytab
      name=useTicketCache, value=false
      name=debug, value=true
      name=refreshKrb5Config, value=true
      name=doNotPrompt, value=true

      15:32:17,704 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true Key
      Tab is P:/JBoss/jboss-5.0.1.GA/server/default/conf/keytabs/javauser.host.keytab refreshKrb5Config is true principal is HOST/javauser@MY.DOMAIN tryFirs
      tPass is false useFirstPass is false storePass is false clearPass is false
      15:32:17,704 INFO [STDOUT] Refreshing Kerberos configuration
      15:32:17,704 INFO [STDOUT] Refreshing Keytab
      15:32:17,720 INFO [STDOUT] >>> KeyTabInputStream, readName(): MY.DOMAIN
      15:32:17,720 INFO [STDOUT] >>> KeyTabInputStream, readName(): HOST
      15:32:17,720 INFO [STDOUT] >>> KeyTabInputStream, readName(): javauser
      15:32:17,720 INFO [STDOUT] >>> KeyTab: load() entry length: 58; type: 23
      15:32:17,720 INFO [STDOUT] Added key: 23version: 16
      15:32:17,720 INFO [STDOUT] Ordering keys wrt default_tkt_enctypes list
      15:32:17,720 INFO [STDOUT] default etypes for default_tkt_enctypes:
      15:32:17,736 INFO [STDOUT] 23
      15:32:17,736 INFO [STDOUT] .
      15:32:17,736 INFO [STDOUT] 0: EncryptionKey: keyType=23 kvno=16 keyValue (hex dump)=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:17,736 INFO [STDOUT] principal's key obtained from the keytab
      15:32:17,736 INFO [STDOUT] Acquire TGT using AS Exchange
      15:32:17,751 INFO [STDOUT] default etypes for default_tkt_enctypes:
      15:32:17,751 INFO [STDOUT] 23
      15:32:17,751 INFO [STDOUT] .
      15:32:17,751 INFO [STDOUT] >>> KrbAsReq calling createMessage
      15:32:17,751 INFO [STDOUT] >>> KrbAsReq in createMessage
      15:32:17,751 INFO [STDOUT] >>> KrbKdcReq send: kdc=cmbdc UDP:88, timeout=30000, number of retries =3, #bytes=137
      15:32:17,767 INFO [STDOUT] >>> KDCCommunication: kdc=cmbdc UDP:88, timeout=30000,Attempt =1, #bytes=137
      15:32:17,783 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=144
      15:32:17,783 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=144
      15:32:17,783 INFO [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
      15:32:17,783 INFO [STDOUT] >>>KRBError:
      15:32:17,783 INFO [STDOUT] sTime is Tue Aug 04 15:32:17 IST 2009 1249380137000
      15:32:17,783 INFO [STDOUT] suSec is 958551
      15:32:17,798 INFO [STDOUT] error code is 25
      15:32:17,798 INFO [STDOUT] error Message is Additional pre-authentication required
      15:32:17,798 INFO [STDOUT] realm is MY.DOMAIN
      15:32:17,798 INFO [STDOUT] sname is krbtgt/MY.DOMAIN
      15:32:17,798 INFO [STDOUT] eData provided.
      15:32:17,798 INFO [STDOUT] msgType is 30
      15:32:17,798 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:17,798 INFO [STDOUT] PA-DATA type = 11
      15:32:17,814 INFO [STDOUT] PA-ETYPE-INFO etype = 23
      15:32:17,814 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:17,814 INFO [STDOUT] PA-DATA type = 2
      15:32:17,814 INFO [STDOUT] PA-ENC-TIMESTAMP
      15:32:17,814 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:17,814 INFO [STDOUT] PA-DATA type = 15
      15:32:17,814 INFO [STDOUT] AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
      15:32:17,829 INFO [STDOUT] Pre-Authenticaton: find key for etype = 23
      15:32:17,829 INFO [STDOUT] AS-REQ: Add PA_ENC_TIMESTAMP now
      15:32:17,814 INFO [STDOUT] >>>KrbAsReq salt is MY.DOMAINHOSTjavauser
      15:32:17,829 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      15:32:17,829 INFO [STDOUT] >>> KrbAsReq calling createMessage
      15:32:17,829 INFO [STDOUT] >>> KrbAsReq in createMessage
      15:32:17,829 INFO [STDOUT] >>> KrbKdcReq send: kdc=cmbdc UDP:88, timeout=30000, number of retries =3, #bytes=220
      15:32:17,845 INFO [STDOUT] >>> KDCCommunication: kdc=cmbdc UDP:88, timeout=30000,Attempt =1, #bytes=220
      15:32:17,845 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1218
      15:32:17,845 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1218
      15:32:17,845 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      15:32:17,845 INFO [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HOST/javauser
      15:32:17,845 INFO [STDOUT] principal is HOST/javauser@MY.DOMAIN
      15:32:17,845 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:17,861 INFO [STDOUT] Added server's keyKerberos Principal HOST/javauser@MY.DOMAINKey Version 16key EncryptionKey: keyType=23 keyBytes (hex dump
      )=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:17,861 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal HOST/javauser@MY.DOMAIN to Subject
      15:32:17,861 INFO [STDOUT] Commit Succeeded
      15:32:17,861 DEBUG [SPNEGOLoginModule] Subject = Subject:
      Principal: HOST/javauser@MY.DOMAIN
      Private Credential: Ticket (hex) =
      0000: 61 82 03 85 30 82 03 81 A0 03 02 01 05 A1 0B 1B a...0...........
      ...
      ....
      0380: 2C C8 7A 75 FE 68 A5 81 F4 ,.zu.h...

      Client Principal = HOST/javauser@MY.DOMAIN
      Server Principal = krbtgt/MY.DOMAIN@MY.DOMAIN
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: E8 01 B9 F8 84 29 31 80 A5 80 11 09 49 3A 22 55 .....)1.....I:"U


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Tue Aug 04 15:32:17 IST 2009
      Start Time = Tue Aug 04 15:32:17 IST 2009
      End Time = Wed Aug 05 01:32:17 IST 2009
      Renew Till = null
      Client Addresses Null
      Private Credential: Kerberos Principal HOST/javauser@MY.DOMAINKey Version 16key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../



      15:32:18,001 DEBUG [SPNEGOLoginModule] Logged in 'host' LoginContext
      15:32:18,001 TRACE [SPNEGOLoginModule] Result - false
      15:32:18,001 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      15:32:18,001 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      15:32:18,001 TRACE [SPNEGOLoginModule] super.loginOk false
      15:32:18,017 TRACE [SPNEGOLoginModule] abort
      15:32:18,017 TRACE [SPNEGO] Login failure
      javax.security.auth.login.LoginException: Continuation Required.
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:161)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)
      15:32:18,064 TRACE [SPNEGO] End isValid, false
      15:32:18,064 TRACE [Base64] oRQwEqADCgEBoQsGCSqGSIb3EgECAg==
      15:32:18,064 TRACE [NegotiationContext] clear 4801672
      15:32:18,064 TRACE [SecurityRolesAssociation] Setting threadlocal:null
      15:32:18,079 TRACE [SecurityRolesAssociation] Setting threadlocal:null
      15:32:18,079 TRACE [SecurityRolesAssociation] Setting threadlocal:{}
      15:32:18,079 TRACE [JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.secur
      ity.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
      15:32:18,079 TRACE [NegotiationAuthenticator] Authenticating user
      15:32:18,079 DEBUG [NegotiationAuthenticator] Header - Negotiate oYIErDCCBKiiggSkBIIEoGCCBJwGCSqGSIb3EgECAgEAboIEizCCBIegAwIBBaEDAgEOogcDBQAgAAAAo4IDt
      ...
      ..
      mcwWQ6DvPs8quun311lSBMU8E5Gey/euaZDKpB18oJNRkoeZaN95N1UvMgy8/Lz/5mjM1qun5l3+/GcpgCaQxZRgEk+T/6EQropSfXxdI7l+oix+iM4tHlQAAwdwfYLx
      15:32:18,126 TRACE [Hex] 0xa1 0x82 0x04 0xac 0x30 0x82 0x04 0xa8 0xa2 0x82 0x04 0xa4 0x04 0x82 0x04 0xa0 0x60 0x82 0x04 0x9c 0x06 0x09 0x2a 0x86 0x48
      ...
      ...
      0x26 0x90 0xc5 0x94 0x60 0x12 0x4f 0x93 0xff 0xa1 0x10 0xae 0x8a 0x52 0x7d 0x7c 0x5d 0x23 0xb9 0x7e 0xa2 0x2c 0x7e 0x88 0xce 0x2d 0x1e 0x54 0x00 0x03
      0x07 0x70 0x7d 0x82 0xf1
      15:32:18,220 TRACE [NegotiationContext] associate 4801672
      15:32:18,220 TRACE [SPNEGO] Begin isValid, principal:663114DA6CEA65A4B3ED20F84D1D2E93, cache info: null
      15:32:18,220 TRACE [SPNEGO] defaultLogin, principal=663114DA6CEA65A4B3ED20F84D1D2E93
      15:32:18,220 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=12
      15:32:18,220 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:
      name=serverSecurityDomain, value=host
      name=password-stacking, value=useFirstPass

      15:32:18,236 TRACE [SPNEGOLoginModule] initialize
      15:32:18,236 TRACE [SPNEGOLoginModule] Security domain: SPNEGO
      15:32:18,251 DEBUG [SPNEGOLoginModule] serverSecurityDomain=host
      15:32:18,251 TRACE [SPNEGOLoginModule] login
      15:32:18,251 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=12
      15:32:18,251 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=principal, value=HOST/javauser@MY.DOMAIN
      name=useKeyTab, value=true
      name=storeKey, value=true
      name=keyTab, value=P:/JBoss/jboss-5.0.1.GA/server/default/conf/keytabs/javauser.host.keytab
      name=useTicketCache, value=false
      name=debug, value=true
      name=refreshKrb5Config, value=true
      name=doNotPrompt, value=true

      15:32:18,283 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true Key
      Tab is P:/JBoss/jboss-5.0.1.GA/server/default/conf/keytabs/javauser.host.keytab refreshKrb5Config is true principal is HOST/javauser@MY.DOMAIN tryFirs
      tPass is false useFirstPass is false storePass is false clearPass is false
      15:32:18,283 INFO [STDOUT] Refreshing Kerberos configuration
      15:32:18,298 INFO [STDOUT] Refreshing Keytab
      15:32:18,298 INFO [STDOUT] >>> KeyTabInputStream, readName(): MY.DOMAIN
      15:32:18,298 INFO [STDOUT] >>> KeyTabInputStream, readName(): HOST
      15:32:18,298 INFO [STDOUT] >>> KeyTabInputStream, readName(): javauser
      15:32:18,298 INFO [STDOUT] >>> KeyTab: load() entry length: 58; type: 23
      15:32:18,298 INFO [STDOUT] Added key: 23version: 16
      15:32:18,298 INFO [STDOUT] Ordering keys wrt default_tkt_enctypes list
      15:32:18,298 INFO [STDOUT] default etypes for default_tkt_enctypes:
      15:32:18,314 INFO [STDOUT] 23
      15:32:18,314 INFO [STDOUT] .
      15:32:18,314 INFO [STDOUT] 0: EncryptionKey: keyType=23 kvno=16 keyValue (hex dump)=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:18,314 INFO [STDOUT] principal's key obtained from the keytab
      15:32:18,314 INFO [STDOUT] Acquire TGT using AS Exchange
      15:32:18,314 INFO [STDOUT] default etypes for default_tkt_enctypes:
      15:32:18,314 INFO [STDOUT] 23
      15:32:18,329 INFO [STDOUT] .
      15:32:18,329 INFO [STDOUT] >>> KrbAsReq calling createMessage
      15:32:18,329 INFO [STDOUT] >>> KrbAsReq in createMessage
      15:32:18,329 INFO [STDOUT] >>> KrbKdcReq send: kdc=cmbdc UDP:88, timeout=30000, number of retries =3, #bytes=137
      15:32:18,329 INFO [STDOUT] >>> KDCCommunication: kdc=cmbdc UDP:88, timeout=30000,Attempt =1, #bytes=137
      15:32:18,329 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=144
      15:32:18,329 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=144
      15:32:18,345 INFO [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
      15:32:18,345 INFO [STDOUT] >>>KRBError:
      15:32:18,345 INFO [STDOUT] sTime is Tue Aug 04 15:32:18 IST 2009 1249380138000
      15:32:18,345 INFO [STDOUT] suSec is 505426
      15:32:18,345 INFO [STDOUT] error code is 25
      15:32:18,345 INFO [STDOUT] error Message is Additional pre-authentication required
      15:32:18,345 INFO [STDOUT] realm is MY.DOMAIN
      15:32:18,345 INFO [STDOUT] sname is krbtgt/MY.DOMAIN
      15:32:18,361 INFO [STDOUT] eData provided.
      15:32:18,361 INFO [STDOUT] msgType is 30
      15:32:18,361 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:18,361 INFO [STDOUT] PA-DATA type = 11
      15:32:18,361 INFO [STDOUT] PA-ETYPE-INFO etype = 23
      15:32:18,361 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:18,361 INFO [STDOUT] PA-DATA type = 2
      15:32:18,361 INFO [STDOUT] PA-ENC-TIMESTAMP
      15:32:18,376 INFO [STDOUT] >>>Pre-Authentication Data:
      15:32:18,376 INFO [STDOUT] PA-DATA type = 15
      15:32:18,376 INFO [STDOUT] AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
      15:32:18,376 INFO [STDOUT] >>>KrbAsReq salt is MY.DOMAINHOSTjavauser
      15:32:18,376 INFO [STDOUT] Pre-Authenticaton: find key for etype = 23
      15:32:18,376 INFO [STDOUT] AS-REQ: Add PA_ENC_TIMESTAMP now
      15:32:18,376 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      15:32:18,392 INFO [STDOUT] >>> KrbAsReq calling createMessage
      15:32:18,392 INFO [STDOUT] >>> KrbAsReq in createMessage
      15:32:18,392 INFO [STDOUT] >>> KrbKdcReq send: kdc=cmbdc UDP:88, timeout=30000, number of retries =3, #bytes=220
      15:32:18,392 INFO [STDOUT] >>> KDCCommunication: kdc=cmbdc UDP:88, timeout=30000,Attempt =1, #bytes=220
      15:32:18,392 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1218
      15:32:18,392 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1218
      15:32:18,408 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      15:32:18,408 INFO [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HOST/javauser
      15:32:18,408 INFO [STDOUT] principal is HOST/javauser@MY.DOMAIN
      15:32:18,408 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:18,408 INFO [STDOUT] Added server's keyKerberos Principal HOST/javauser@MY.DOMAINKey Version 16key EncryptionKey: keyType=23 keyBytes (hex dump
      )=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../
      15:32:18,423 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal HOST/javauser@TTCMB.LAN to Subject
      15:32:18,423 INFO [STDOUT] Commit Succeeded
      15:32:18,439 DEBUG [SPNEGOLoginModule] Subject = Subject:
      Principal: HOST/javauser@TTCMB.LAN
      Private Credential: Ticket (hex) =
      0000: 61 82 03 85 30 82 03 81 A0 03 02 01 05 A1 0B 1B a...0...........
      ..
      ..
      0380: 3A 7B CE F3 79 66 2B 1C 1D :...yf+..

      Client Principal = HOST/javauser@TTCMB.LAN
      Server Principal = krbtgt/TTCMB.LAN@TTCMB.LAN
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 84 31 AF 24 FC D9 16 D0 E5 4D 88 1B 70 C4 8A DD .1.$.....M..p...


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Tue Aug 04 15:32:18 IST 2009
      Start Time = Tue Aug 04 15:32:18 IST 2009
      End Time = Wed Aug 05 01:32:18 IST 2009
      Renew Till = null
      Client Addresses Null
      Private Credential: Kerberos Principal HOST/javauser@TTCMB.LANKey Version 16key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 91 FF 0F B9 48 16 7E B4 D0 80 B5 33 06 86 C0 2F ....H......3.../



      15:32:18,579 DEBUG [SPNEGOLoginModule] Logged in 'host' LoginContext
      15:32:18,579 DEBUG [SPNEGOLoginModule] Creating new GSSContext.
      15:32:18,579 INFO [STDOUT] Found key for HOST/javauser@TTCMB.LAN(23)
      15:32:18,579 INFO [STDOUT] Entered Krb5Context.acceptSecContext with state=STATE_NEW
      15:32:18,579 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      15:32:18,579 ERROR [STDERR] Checksum failed !
      15:32:18,595 TRACE [SPNEGOLoginModule] Result - GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      15:32:18,595 ERROR [SPNEGOLoginModule] Unable to authenticate
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:337)
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: KrbException: Checksum failed
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
      at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
      at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
      at sun.security.krb5.KrbApReq.(KrbApReq.java:134)
      at sun.security.jgss.krb5.InitSecContextToken.(InitSecContextToken.java:79)
      at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
      ... 35 more
      Caused by: java.security.GeneralSecurityException: Checksum failed
      at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
      at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
      ... 41 more
      15:32:18,673 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      15:32:18,673 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      15:32:18,673 TRACE [SPNEGOLoginModule] abort
      15:32:18,673 TRACE [SPNEGO] Login failure
      javax.security.auth.login.LoginException: Unable to authenticate - Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:141)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)
      15:32:18,736 TRACE [SPNEGO] End isValid, false
      15:32:18,736 TRACE [NegotiationContext] clear 4801672
      15:32:18,736 TRACE [SecurityRolesAssociation] Setting threadlocal:null
      15:32:18,736 TRACE [SecurityRolesAssociation] Setting threadlocal:null