[19295] in Kerberos

Java Kerberos JNDI help needed urgently

daemon@ATHENA.MIT.EDU (Caesar)
Thu May 22 21:10:12 2003

From: caesars@cs.stanford.edu (Caesar)
Date: 22 May 2003 05:17:31 -0700
Message-ID: <268e6625.0305220417.6cfc5fa5@posting.google.com>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu

We are trying to use Kerberos authentication to perform LDAP actions
on an Active Directory. The GSS sample code from Sun works perfectly
on our test Active Directories but refuses to work on the live Active
Directory. The JAAS part succeeds but the GSSAPI authentication fails
with the following error (KrbException: Identifier doesn't match
expected value (906)).

Any ideas about what we can try or what might be going wrong? Any and
all help will be sincerely appreciated...

Here are my Kerberos debugging logs:

After the JAAS Authentication:

principal is mku@CORP.FOO.COM
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbAsReq etypes are: 3 1
>>> KrbKdcReq send: kdc=corp.foo.com, port=88, timeout=30000, number of retries =3, #bytes=225
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: #bytes read=1307
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply mku
Commit Succeeded

>>> Authentication succeeded.
>>> Now to do the JNDI stuff

Opening connection to ldap://corp.foo.com/CN=Users,OU=Foo,DC=corp,DC=foo,DC=com
>>> Credentials acquireServiceCreds: same realm
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbKdcReq send: kdc=corp.brocade.com, port=88, timeout=30000, number of retries =3, #bytes=1278
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: #bytes read=104
>>> KDCRep: init() encoding tag is 126 req type is 13
KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.af.a(DashoA6275:129)
        at sun.security.krb5.internal.ae.a(DashoA6275:58)
        at sun.security.krb5.internal.ae.<init>(DashoA6275:53)

~Caesar
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
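
Added example, not part of the original post or of Sun's code: a Python helper that reads the "encoding tag is 126 req type is 13" debug line from the log above and extracts the error-code field from a KRB-ERROR reply. It assumes "req type" is the APPLICATION tag number the client expected; the reply bytes are a constructed sample, and all function names are hypothetical.

```python
import re

# Kerberos message types by ASN.1 APPLICATION tag number (RFC 4120).
KRB_MSG = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP",
           14: "AP-REQ", 15: "AP-REP", 30: "KRB-ERROR"}

def explain_kdcrep_line(line):
    """Name the message received and the one expected, from the debug line.
    Assumption: 'req type' is the APPLICATION tag number the client expected."""
    m = re.search(r"encoding tag is (\d+) req type is (\d+)", line)
    if m is None:
        raise ValueError("not a KDCRep debug line")
    got, expected = int(m.group(1)) & 0x1F, int(m.group(2))  # low 5 bits = tag number
    return KRB_MSG.get(got, "unknown"), KRB_MSG.get(expected, "unknown")

def read_tlv(buf, pos=0):
    """Read one DER TLV; return (identifier octet, value bytes, next offset)."""
    ident, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return ident, buf[pos:pos + length], pos + length

def krb_error_code(reply):
    """Return the error-code of a KRB-ERROR reply, or None for any other message."""
    ident, body, _ = read_tlv(reply)
    if ident != 0x7E:                       # 0x7E = 126 = [APPLICATION 30]
        return None
    _, fields, _ = read_tlv(body)           # the inner SEQUENCE
    pos = 0
    while pos < len(fields):
        ident, value, pos = read_tlv(fields, pos)
        if ident == 0xA6:                   # context tag [6] = error-code
            _, number, _ = read_tlv(value)  # the wrapped INTEGER
            return int.from_bytes(number, "big", signed=True)
    return None

def tlv(ident, value):
    """Encode one short-form DER TLV (sample construction only)."""
    return bytes([ident, len(value)]) + value

# Constructed sample, not the poster's 104-byte reply: a pared-down KRB-ERROR
# carrying pvno [0] = 5, msg-type [1] = 30 and a made-up error-code [6] = 60.
SAMPLE = tlv(0x7E, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x05"))
                             + tlv(0xA1, tlv(0x02, b"\x1e"))
                             + tlv(0xA6, tlv(0x02, b"\x3c"))))
LOG_LINE = ">>> KDCRep: init() encoding tag is 126 req type is 13"  # copied from the log
```

Applied to the log line, the helper reports that a KRB-ERROR arrived where a TGS-REP was expected; the error-code inside the actual reply would have to be read from a packet capture of the KDC's answer.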