f



[Fwd: Re: Problem with GSS-API: GSSException Failure unspecified atof Defective token detected (Mechanism level: AP_REP]

This is a multi-part message in MIME format.

--Boundary_(ID_S0aJ4w0LVvxBpu0sbQVqcg)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT



--Boundary_(ID_S0aJ4w0LVvxBpu0sbQVqcg)
Content-type: message/rfc822;
 name="t find key of appropriatetype to decrypt AP REP - RC4 with HMAC -
 GSSException: Defective token detected(Mechanism level: AP_REP"

Date: Fri, 26 Nov 2004 13:16:31 -0800
From: Seema Malkani <Seema.Malkani@sun.com>
Subject: Re: Problem with GSS-API: GSSException Failure unspecified at GSS-API
 level (Mechanism level: Invalid argument (400) - Cannot find key of
 appropriate type to decrypt AP REP - RC4 with HMAC - GSSException: Defective
 token detected (Mechanism level: AP_REP
In-reply-to: <55ce270.0411141407.6983895@posting.google.com>
To: Don Alex <alexmunoz@uniandes.edu.co>
Cc: kerberos@mit.edu
Message-id: <41A79D2F.2080101@sun.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20040414
References: <55ce270.0411141407.6983895@posting.google.com>

Alex,

Currently Sun's implementation of Java GSS does not support RC4-HMAC.
Java GSS/Kerberos in J2SE 1.5 supports 3DES and DES enctypes.
Hence the error.

Make sure you select "use DES encryption type" for Kerberos account
in the Windows KDC.

Hope this helps.
Seema

Don Alex wrote:

>Hi doc!!!!:
> 
>I am running the Sample with tutorial "Use of JAAS Login Utility and
>Java GSS-API for Secure Messages without JAAS programming"
>KDC is a Windows 2003
>JDK 1.5
>The Code are SampleClient.java y SampleServer.java without relevant
>modifications
> 
>If anyone has any ideas I'm all ears.
> 
>Don Alex
> 
> 
>SERVER:
>Waiting for incoming connection...
>Got connection from client /157.253.50.59
>Will read input token of size 1272 for processing by acceptSecContext
>Debug is  true storeKey true useTicketCache false useKeyTab false
>doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
>is false principal is null tryFirstPass is false useFirstPass is false
>storePass is false clearPass is false
>Kerberos username [root]: alexmunoz
>Kerberos password for alexmunoz: XXXXXXX
>                [Krb5LoginModule] user entered username: alexmunoz
> 
>Using builtin default etypes for default_tkt_enctypes
>default etypes for default_tkt_enctypes: 3 1 16.
>principal is alexmunoz@AD.UNIANDES.EDU.CO
>Acquire TGT using AS Exchange
>EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75
>1F 91
>EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75
>1F 91
>EncryptionKey: keyType=16 keyBytes (hex dump)=0000: E3 B0 02 83 67 57
>EF E3   31 6E 9D 46 46 E3 25 0D  ....gW..1n.FF.%.
>0010: 1C 54 FB 54 1C 54 AB 3E   
>Using builtin default etypes for default_tkt_enctypes
>default etypes for default_tkt_enctypes: 3 1 16.
>  
>
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbAsReq calling createMessage
>>>>KrbAsReq in createMessage
>>>>KrbKdcReq send: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000, number of retries =3, #bytes=240
>  
>
>>>>KDCCommunication: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000,Attempt =1, #bytes=240
>  
>
>>>>KrbKdcReq send: #bytes read=1406
>>>>KrbKdcReq send: #bytes read=1406
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbAsRep cons in KrbAsReq.getReply alexmunoz
>>>>        
>>>>
>Added server's keyKerberos Principal alexmunoz@AD.UNIANDES.EDU.COKey
>Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
>0000: 08 B5 45 BF B0 75 1F 91   
> 
>                [Krb5LoginModule] added Krb5Principal 
>alexmunoz@AD.UNIANDES.EDU.CO to Subject
>Added server's keyKerberos Principal alexmunoz@AD.UNIANDES.EDU.COKey
>Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
>0000: 08 B5 45 BF B0 75 1F 91   
> 
>                [Krb5LoginModule] added Krb5Principal 
>alexmunoz@AD.UNIANDES.EDU.CO to Subject
>Added server's keyKerberos Principal alexmunoz@AD.UNIANDES.EDU.COKey
>Version 0key EncryptionKey: keyType=16 keyBytes (hex dump)=
>0000: E3 B0 02 83 67 57 EF E3   31 6E 9D 46 46 E3 25 0D 
>....gW..1n.FF.%.
>0010: 1C 54 FB 54 1C 54 AB 3E   
> 
>                [Krb5LoginModule] added Krb5Principal 
>alexmunoz@AD.UNIANDES.EDU.CO to Subject
>Commit Succeeded 
> 
>Found key for alexmunoz@AD.UNIANDES.EDU.CO(16)
>Found key for alexmunoz@AD.UNIANDES.EDU.CO(1)
>Found key for alexmunoz@AD.UNIANDES.EDU.CO(3)
>Entered Krb5Context.acceptSecContext with state=STATE_NEW
>GSSException Failure unspecified at GSS-API level (Mechanism level:
>Invalid argument (400) - Cannot find key of appropriate type to
>decrypt AP REP - RC4 with HMAC)
>GSSException: Failure unspecified at GSS-API level (Mechanism level:
>Invalid argument (400) - Cannot find key of appropriate type to
>decrypt AP REP - RC4 with HMAC)
>        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
>        at SampleServer.main(SampleServer.java:117)
>Caused by: KrbException: Invalid argument (400) - Cannot find key of
>appropriate type to decrypt AP REP - RC4 with HMAC
>        at sun.security.krb5.KrbApReq.a(DashoA12275:261)
>        at sun.security.krb5.KrbApReq.<init>(DashoA12275:134)
>        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
>        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
>        ... 3 more
>GSSException Failure unspecified at GSS-API level (Mechanism level:
>Invalid argument (400) - Cannot find key of appropriate type to
>decrypt AP REP - RC4 with HMAC)
>Will send token of size 1272 from acceptSecContext.
>Exception in thread "main" java.io.EOFException
>        at java.io.DataInputStream.readInt(DataInputStream.java:358)
>        at SampleServer.main(SampleServer.java:111)
>
> 
>CLIENT
>Connected to server utria.uniandes.edu.co/157.253.50.59
>Debug is  true storeKey false useTicketCache false useKeyTab false
>doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
>is false principal is null tryFirstPass is false useFirstPass is false
>storePass is false clearPass is false
>Kerberos username [root]: alexmunoz
>Kerberos password for alexmunoz: XXXXXXX
>                [Krb5LoginModule] user entered username: alexmunoz
> 
>Using builtin default etypes for default_tkt_enctypes
>default etypes for default_tkt_enctypes: 3 1 16.
>principal is alexmunoz@AD.UNIANDES.EDU.CO
>Acquire TGT using AS Exchange
>EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75
>1F 91
>EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75
>1F 91
>EncryptionKey: keyType=16 keyBytes (hex dump)=0000: E3 B0 02 83 67 57
>EF E3   31 6E 9D 46 46 E3 25 0D  ....gW..1n.FF.%.
>0010: 1C 54 FB 54 1C 54 AB 3E   
>Using builtin default etypes for default_tkt_enctypes
>default etypes for default_tkt_enctypes: 3 1 16.
>  
>
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbAsReq calling createMessage
>>>>KrbAsReq in createMessage
>>>>KrbKdcReq send: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000, number of retries =3, #bytes=240
>  
>
>>>>KDCCommunication: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000,Attempt =1, #bytes=240
>  
>
>>>>KrbKdcReq send: #bytes read=1406
>>>>KrbKdcReq send: #bytes read=1406
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbAsRep cons in KrbAsReq.getReply alexmunoz
>>>>        
>>>>
>Commit Succeeded 
> 
>Found ticket for alexmunoz@AD.UNIANDES.EDU.CO to go to
>krbtgt/AD.UNIANDES.EDU.CO@AD.UNIANDES.EDU.CO expiring on Sun Nov 14
>22:26:21 COT 2004
>Entered Krb5Context.initSecContext with state=STATE_NEW
>Service ticket not found in the subject
>  
>
>>>>Credentials acquireServiceCreds: same realm
>>>>        
>>>>
>Using builtin default etypes for default_tgs_enctypes
>default etypes for default_tgs_enctypes: 3 1 16.
>  
>
>>>>CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbKdcReq send: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000, number of retries =3, #bytes=1374
>  
>
>>>>KDCCommunication: kdc=amacayacu.uniandes.edu.co UDP:88,
>>>>        
>>>>
>timeout=30000,Attempt =1, #bytes=1374
>  
>
>>>>KrbKdcReq send: #bytes read=1340
>>>>KrbKdcReq send: #bytes read=1340
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>>>EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>>>        
>>>>
>Krb5Context setting mySeqNumber to: 948
>Created InitSecContextToken:
>0000: 30 31 20 30 30 20 36 65   20 38 32 20 30 34 20 65  01 00 6e 82
>04 e
>0010: 33 20 33 30 20 38 32 20   30 34 20 64 66 20 61 30  3 30 82 04 df
>a0
>0020: 20 30 33 20 30 32 20 30   31 20 30 35 20 61 31 20   03 02 01 05
>a1
>0030: 30 33 20 30 32 20 30 31   20 30 65 20 61 32 20 30  03 02 01 0e
>a2 0
>0040: 37 20 30 33 20 30 35 20   30 30 20 32 30 20 30 30  7 03 05 00 20
>00
>0050: 20 30 30 20 30 30 20 61   33 20 38 32 20 30 34 20   00 00 a3 82
>04
>0060: 30 37 20 36 31 20 38 32   20 30 34 20 30 33 20 33  07 61 82 04
>03 3
>0070: 30 20 38 32 20 30 33 20   66 66 20 61 30 20 30 33  0 82 03 ff a0
>03
>0080: 20 30 32 20 30 31 20 30   35 20 61 31 20 31 34 20   02 01 05 a1
>14
>0090: 31 62 20 31 32 20 34 31   20 34 34 20 32 65 20 35  1b 12 41 44
>2e 5
>00A0: 35 20 34 65 20 34 39 20   34 31 20 34 65 20 34 34  5 4e 49 41 4e
>44
>00B0: 20 34 35 20 35 33 20 32   65 20 34 35 20 34 34 20   45 53 2e 45
>44
>00C0: 35 35 20 32 65 20 34 33   20 34 66 20 61 32 20 32  55 2e 43 4f
>a2 2
>00D0: 37 20 33 30 20 32 35 20   61 30 20 30 33 20 30 32  7 30 25 a0 03
>02
>00E0: 20 30 31 20 30 30 20 61   31 20 31 65 20 33 30 20   01 00 a1 1e
>30
>00F0: 31 63 20 31 62 20 30 36   20 36 62 20 37 32 20 36  1c 1b 06 6b
>72 6
>0100: 32 20 37 34 20 36 37 20   37 34 20 31 62 20 31 32  2 74 67 74 1b
>12
>0110: 20 34 31 20 34 34 20 32   65 20 35 35 20 34 65 20   41 44 2e 55
>4e
>0120: 34 39 20 34 31 20 34 65   20 34 34 20 34 35 20 35  49 41 4e 44
>45 5
>0130: 33 20 32 65 20 34 35 20   34 34 20 35 35 20 32 65  3 2e 45 44 55
>2e
>0140: 20 34 33 20 34 66 20 61   33 20 38 32 20 30 33 20   43 4f a3 82
>03
>0150: 62 37 20 33 30 20 38 32   20 30 33 20 62 33 20 61  b7 30 82 03
>b3 a
>0160: 30 20 30 33 20 30 32 20   30 31 20 31 37 20 61 31  0 03 02 01 17
>a1
>0170: 20 30 33 20 30 32 20 30   31 20 30 32 20 61 32 20   03 02 01 02
>a2
>0180: 38 32 20 30 33 20 61 35   20 30 34 20 38 32 20 30  82 03 a5 04
>82 0
>0190: 33 20 61 31 20 32 30 20   34 35 20 39 30 20 63 32  3 a1 20 45 90
>c2
>01A0: 20 35 33 20 61 38 20 61   39 20 33 31 20 63 64 20   53 a8 a9 31
>cd
>01B0: 31 62 20 31 31 20 65 63   20 39 61 20 31 36 20 30  1b 11 ec 9a
>16 0
>01C0: 33 20 32 35 20 65 36 20   33 37 20 32 35 20 39 64  3 25 e6 37 25
>9d
>01D0: 20 66 30 20 31 31 20 33   61 20 31 64 20 64 32 20   f0 11 3a 1d
>d2
>01E0: 65 62 20 38 35 20 39 62   20 38 38 20 64 30 20 33  eb 85 9b 88
>d0 3
>01F0: 33 20 38 37 20 38 64 20   62 65 20 38 34 20 33 34  3 87 8d be 84
>34
>0200: 20 64 32 20 32 38 20 31   30 20 34 35 20 39 35 20   d2 28 10 45
>95
>0210: 39 61 20 62 31 20 63 34   20 32 38 20 36 64 20 33  9a b1 c4 28
>6d 3
>0220: 61 20 66 62 20 32 34 20   62 36 20 39 64 20 61 30  a fb 24 b6 9d
>a0
>0230: 20 39 65 20 36 36 20 37   61 20 63 34 20 65 39 20   9e 66 7a c4
>e9
>0240: 37 35 20 63 33 20 31 65   20 30 62 20 65 62 20 35  75 c3 1e 0b
>eb 5
>0250: 64 20 34 61 20 34 37 20   61 63 20 32 37 20 65 38  d 4a 47 ac 27
>e8
>0260: 20 31 61 20 39 39 20 62   30 20 38 32 20 61 64 20   1a 99 b0 82
>ad
>0270: 62 64 20 38 31 20 65 36   20 33 32 20 34 33 20 65  bd 81 e6 32
>43 e
>0280: 31 20 31 66 20 31 31 20   61 31 20 62 37 20 32 38  1 1f 11 a1 b7
>28
>0290: 20 36 38 20 63 31 20 32   30 20 32 66 20 39 30 20   68 c1 20 2f
>90
>02A0: 61 35 20 65 64 20 32 63   20 61 35 20 33 32 20 36  a5 ed 2c a5
>32 6
>02B0: 32 20 34 66 20 30 37 20   61 34 20 61 32 20 65 36  2 4f 07 a4 a2
>e6
>02C0: 20 34 66 20 30 34 20 35   30 20 39 32 20 33 31 20   4f 04 50 92
>31
>02D0: 34 32 20 39 33 20 32 36   20 65 39 20 32 64 20 32  42 93 26 e9
>2d 2
>02E0: 37 20 35 32 20 37 65 20   39 64 20 64 66 20 33 66  7 52 7e 9d df
>3f
>02F0: 20 31 38 20 35 64 20 62   61 20 64 38 20 65 62 20   18 5d ba d8
>eb
>0300: 35 63 20 64 36 20 65 66   20 36 34 20 65 64 20 34  5c d6 ef 64
>ed 4
>0310: 35 20 34 36 20 32 32 20   37 32 20 35 38 20 30 33  5 46 22 72 58
>03
>0320: 20 36 30 20 66 38 20 63   37 20 64 66 20 35 39 20   60 f8 c7 df
>59
>0330: 39 64 20 61 65 20 66 39   20 33 30 20 35 30 20 39  9d ae f9 30
>50 9
>0340: 66 20 65 65 20 31 35 20   37 61 20 33 63 20 64 30  f ee 15 7a 3c
>d0
>0350: 20 30 65 20 65 34 20 65   61 20 39 32 20 37 30 20   0e e4 ea 92
>70
>0360: 38 39 20 34 64 20 63 37   20 39 32 20 62 32 20 66  89 4d c7 92
>b2 f
>0370: 34 20 32 32 20 35 31 20   31 36 20 34 63 20 66 30  4 22 51 16 4c
>f0
>0380: 20 30 64 20 63 39 20 34   66 20 35 62 20 37 39 20   0d c9 4f 5b
>79
>0390: 36 61 20 34 38 20 38 32   20 63 34 20 35 38 20 61  6a 48 82 c4
>58 a
>03A0: 39 20 34 62 20 65 38 20   30 39 20 61 31 20 34 34  9 4b e8 09 a1
>44
>03B0: 20 38 31 20 33 66 20 35   36 20 33 31 20 30 62 20   81 3f 56 31
>0b
>03C0: 31 62 20 65 33 20 34 33   20 35 38 20 32 66 20 65  1b e3 43 58
>2f e
>03D0: 34 20 34 62 20 64 31 20   32 66 20 62 31 20 63 36  4 4b d1 2f b1
>c6
>03E0: 20 30 36 20 35 61 20 34   62 20 66 65 20 36 33 20   06 5a 4b fe
>63
>03F0: 32 39 20 39 33 20 33 35   20 35 64 20 35 64 20 62  29 93 35 5d
>5d b
>0400: 34 20 63 31 20 31 37 20   66 66 20 62 64 20 62 64  4 c1 17 ff bd
>bd
>0410: 20 30 63 20 66 66 20 37   65 20 34 37 20 30 31 20   0c ff 7e 47
>01
>0420: 38 66 20 65 64 20 38 62   20 36 36 20 32 39 20 32  8f ed 8b 66
>29 2
>0430: 36 20 32 34 20 39 37 20   63 33 20 61 38 20 37 30  6 24 97 c3 a8
>70
>0440: 20 35 63 20 34 33 20 33   35 20 31 63 20 31 62 20   5c 43 35 1c
>1b
>0450: 35 66 20 65 35 20 32 39   20 63 34 20 63 33 20 36  5f e5 29 c4
>c3 6
>0460: 66 20 65 39 20 65 66 20   35 62 20 38 37 20 64 64  f e9 ef 5b 87
>dd
>0470: 20 61 64 20 61 65 20 34   37 20 39 64 20 66 31 20   ad ae 47 9d
>f1
>0480: 36 34 20 63 66 20 63 31   20 64 31 20 36 63 20 64  64 cf c1 d1
>6c d
>0490: 32 20 38 30 20 38 65 20   66 61 20 63 64 20 33 31  2 80 8e fa cd
>31
>04A0: 20 62 33 20 32 66 20 38   64 20 35 38 20 39 31 20   b3 2f 8d 58
>91
>04B0: 33 35 20 39 66 20 31 65   20 62 66 20 39 63 20 33  35 9f 1e bf
>9c 3
>04C0: 30 20 37 63 20 66 64 20   64 33 20 33 33 20 39 33  0 7c fd d3 33
>93
>04D0: 20 30 34 20 33 31 20 32   34 20 61 61 20 33 61 20   04 31 24 aa
>3a
>04E0: 38 37 20 33 34 20 32 32   20 36 61 20 63 30 20 39  87 34 22 6a
>c0 9
>04F0: 61 20 32 66 20 63 34 20   39 38 20 66 31 20 61 32  a 2f c4 98 f1
>a2
>0500: 20 62 39 20 63 65 20 31   38 20 65 64 20 36 65 20   b9 ce 18 ed
>6e
>0510: 65 66 20 61 64 20 62 38   20 34 36 20 38 32 20 34  ef ad b8 46
>82 4
>0520: 65 20 66 62 20 38 37 20   64 30 20 30 66 20 38 38  e fb 87 d0 0f
>88
>0530: 20 30 64 20 35 37 20 38   66 20 31 65 20 32 61 20   0d 57 8f 1e
>2a
>0540: 32 38 20 37 36 20 65 33   20 34 35 20 64 39 20 37  28 76 e3 45
>d9 7
>0550: 61 20 65 37 20 34 62 20   63 37 20 65 65 20 35 62  a e7 4b c7 ee
>5b
>0560: 20 32 39 20 61 64 20 36   64 20 62 64 20 31 64 20   29 ad 6d bd
>1d
>0570: 36 39 20 36 36 20 64 39   20 31 66 20 66 34 20 64  69 66 d9 1f
>f4 d
>0580: 66 20 31 34 20 37 34 20   33 64 20 64 66 20 31 38  f 14 74 3d df
>18
>0590: 20 38 31 20 37 39 20 30   63 20 31 66 20 32 39 20   81 79 0c 1f
>29
>05A0: 34 39 20 30 33 20 39 31   20 32 64 20 66 62 20 38  49 03 91 2d
>fb 8
>05B0: 66 20 34 38 20 64 31 20   61 30 20 36 38 20 63 33  f 48 d1 a0 68
>c3
>05C0: 20 37 30 20 61 30 20 36   62 20 34 32 20 61 30 20   70 a0 6b 42
>a0
>05D0: 63 64 20 31 35 20 63 34   20 64 35 20 35 63 20 30  cd 15 c4 d5
>5c 0
>05E0: 32 20 34 37 20 65 37 20   38 30 20 62 63 20 39 65  2 47 e7 80 bc
>9e
>05F0: 20 65 39 20 62 35 20 63   34 20 36 61 20 34 35 20   e9 b5 c4 6a
>45
>0600: 65 36 20 64 65 20 35 66   20 61 31 20 37 66 20 39  e6 de 5f a1
>7f 9
>0610: 34 20 34 32 20 64 38 20   37 31 20 32 35 20 34 36  4 42 d8 71 25
>46
>0620: 20 32 37 20 61 38 20 30   37 20 37 37 20 63 39 20   27 a8 07 77
>c9
>0630: 33 38 20 33 64 20 37 30   20 65 66 20 63 39 20 30  38 3d 70 ef
>c9 0
>0640: 34 20 39 36 20 66 38 20   66 63 20 39 64 20 39 36  4 96 f8 fc 9d
>96
>0650: 20 35 38 20 39 36 20 38   39 20 31 65 20 61 32 20   58 96 89 1e
>a2
>0660: 39 65 20 34 32 20 39 33   20 31 66 20 62 39 20 30  9e 42 93 1f
>b9 0
>0670: 35 20 33 63 20 61 66 20   31 65 20 62 62 20 30 36  5 3c af 1e bb
>06
>0680: 20 66 65 20 66 66 20 34   33 20 32 36 20 30 39 20   fe ff 43 26
>09
>0690: 36 30 20 30 65 20 38 61   20 39 37 20 63 62 20 66  60 0e 8a 97
>cb f
>06A0: 39 20 33 35 20 61 32 20   38 62 20 64 35 20 33 31  9 35 a2 8b d5
>31
>06B0: 20 64 33 20 66 39 20 34   62 20 33 31 20 35 30 20   d3 f9 4b 31
>50
>06C0: 35 32 20 62 34 20 65 36   20 63 31 20 32 38 20 39  52 b4 e6 c1
>28 9
>06D0: 65 20 33 61 20 34 30 20   61 35 20 64 32 20 34 65  e 3a 40 a5 d2
>4e
>06E0: 20 36 66 20 39 31 20 64   30 20 63 33 20 64 61 20   6f 91 d0 c3
>da
>06F0: 64 33 20 66 62 20 65 38   20 32 39 20 32 32 20 33  d3 fb e8 29
>22 3
>0700: 63 20 62 30 20 31 64 20   39 61 20 66 32 20 30 35  c b0 1d 9a f2
>05
>0710: 20 32 64 20 36 64 20 32   36 20 62 62 20 62 61 20   2d 6d 26 bb
>ba
>0720: 36 39 20 61 31 20 33 66   20 66 66 20 62 35 20 65  69 a1 3f ff
>b5 e
>0730: 62 20 61 34 20 38 36 20   37 61 20 63 36 20 31 34  b a4 86 7a c6
>14
>0740: 20 34 61 20 64 39 20 37   61 20 65 62 20 63 31 20   4a d9 7a eb
>c1
>0750: 31 33 20 62 38 20 33 66   20 66 31 20 30 36 20 63  13 b8 3f f1
>06 c
>0760: 30 20 64 36 20 30 36 20   62 39 20 39 63 20 36 31  0 d6 06 b9 9c
>61
>0770: 20 36 33 20 63 61 20 61   34 20 30 37 20 61 35 20   63 ca a4 07
>a5
>0780: 36 39 20 66 64 20 36 35   20 61 38 20 33 66 20 65  69 fd 65 a8
>3f e
>0790: 35 20 63 38 20 35 39 20   34 38 20 65 36 20 34 34  5 c8 59 48 e6
>44
>07A0: 20 35 65 20 36 65 20 62   39 20 30 30 20 31 62 20   5e 6e b9 00
>1b
>07B0: 63 65 20 65 63 20 65 39   20 39 66 20 65 35 20 63  ce ec e9 9f
>e5 c
>07C0: 66 20 32 39 20 32 62 20   39 38 20 37 34 20 35 34  f 29 2b 98 74
>54
>07D0: 20 64 33 20 36 66 20 65   61 20 61 33 20 63 36 20   d3 6f ea a3
>c6
>07E0: 61 31 20 31 63 20 35 61   20 30 35 20 33 35 20 36  a1 1c 5a 05
>35 6
>07F0: 31 20 65 66 20 37 63 20   34 65 20 33 61 20 66 38  1 ef 7c 4e 3a
>f8
>0800: 20 35 66 20 66 63 20 37   38 20 63 65 20 39 32 20   5f fc 78 ce
>92
>0810: 34 39 20 32 66 20 64 31   20 64 38 20 62 32 20 37  49 2f d1 d8
>b2 7
>0820: 61 20 37 62 20 61 35 20   64 30 20 33 32 20 30 64  a 7b a5 d0 32
>0d
>0830: 20 63 30 20 36 64 20 38   31 20 64 39 20 35 33 20   c0 6d 81 d9
>53
>0840: 61 36 20 35 63 20 63 32   20 35 34 20 36 35 20 38  a6 5c c2 54
>65 8
>0850: 64 20 32 36 20 63 65 20   66 38 20 61 32 20 34 35  d 26 ce f8 a2
>45
>0860: 20 35 30 20 33 32 20 64   64 20 31 31 20 36 31 20   50 32 dd 11
>61
>0870: 33 62 20 61 34 20 66 35   20 36 65 20 66 32 20 36  3b a4 f5 6e
>f2 6
>0880: 37 20 37 31 20 66 65 20   33 65 20 65 37 20 64 65  7 71 fe 3e e7
>de
>0890: 20 33 38 20 64 64 20 33   35 20 39 64 20 30 64 20   38 dd 35 9d
>0d
>08A0: 66 31 20 36 65 20 66 66   20 62 31 20 33 62 20 32  f1 6e ff b1
>3b 2
>08B0: 64 20 37 32 20 31 65 20   32 66 20 64 35 20 66 36  d 72 1e 2f d5
>f6
>08C0: 20 39 65 20 66 66 20 39   64 20 62 61 20 36 65 20   9e ff 9d ba
>6e
>08D0: 37 36 20 36 63 20 64 30   20 33 65 20 39 30 20 38  76 6c d0 3e
>90 8
>08E0: 30 20 33 38 20 61 66 20   65 63 20 61 31 20 31 65  0 38 af ec a1
>1e
>08F0: 20 33 35 20 63 35 20 63   66 20 61 64 20 34 34 20   35 c5 cf ad
>44
>0900: 64 37 20 64 65 20 35 37   20 37 33 20 39 33 20 36  d7 de 57 73
>93 6
>0910: 65 20 37 63 20 39 61 20   66 33 20 34 31 20 36 66  e 7c 9a f3 41
>6f
>0920: 20 35 34 20 61 65 20 39   35 20 35 31 20 66 65 20   54 ae 95 51
>fe
>0930: 34 63 20 32 30 20 35 63   20 38 34 20 34 63 20 61  4c 20 5c 84
>4c a
>0940: 37 20 35 34 20 61 64 20   64 64 20 65 63 20 61 61  7 54 ad dd ec
>aa
>0950: 20 63 36 20 61 33 20 65   66 20 34 34 20 38 39 20   c6 a3 ef 44
>89
>0960: 63 37 20 34 34 20 30 36   20 32 32 20 30 33 20 32  c7 44 06 22
>03 2
>0970: 36 20 37 39 20 66 64 20   64 30 20 37 65 20 62 63  6 79 fd d0 7e
>bc
>0980: 20 39 62 20 34 34 20 65   61 20 38 66 20 33 63 20   9b 44 ea 8f
>3c
>0990: 64 62 20 66 37 20 39 30   20 65 63 20 61 39 20 32  db f7 90 ec
>a9 2
>09A0: 34 20 36 66 20 31 61 20   38 32 20 31 30 20 31 32  4 6f 1a 82 10
>12
>09B0: 20 38 65 20 35 61 20 35   35 20 34 34 20 39 37 20   8e 5a 55 44
>97
>09C0: 32 32 20 36 66 20 35 64   20 39 31 20 39 62 20 64  22 6f 5d 91
>9b d
>09D0: 62 20 61 38 20 36 62 20   63 64 20 65 34 20 65 61  b a8 6b cd e4
>ea
>09E0: 20 66 36 20 63 34 20 36   31 20 32 64 20 38 63 20   f6 c4 61 2d
>8c
>09F0: 36 37 20 66 65 20 37 32   20 62 61 20 36 30 20 35  67 fe 72 ba
>60 5
>0A00: 35 20 38 32 20 64 64 20   38 30 20 66 62 20 38 66  5 82 dd 80 fb
>8f
>0A10: 20 65 32 20 31 30 20 63   64 20 64 36 20 64 35 20   e2 10 cd d6
>d5
>0A20: 35 31 20 35 35 20 36 64   20 36 63 20 63 62 20 62  51 55 6d 6c
>cb b
>0A30: 33 20 37 36 20 65 33 20   35 37 20 65 64 20 62 66  3 76 e3 57 ed
>bf
>0A40: 20 30 61 20 35 36 20 37   31 20 35 35 20 37 38 20   0a 56 71 55
>78
>0A50: 38 64 20 64 35 20 32 38   20 61 63 20 39 30 20 35  8d d5 28 ac
>90 5
>0A60: 65 20 31 33 20 32 36 20   32 30 20 65 64 20 32 38  e 13 26 20 ed
>28
>0A70: 20 65 63 20 36 62 20 31   63 20 65 63 20 62 39 20   ec 6b 1c ec
>b9
>0A80: 66 39 20 31 33 20 65 38   20 62 37 20 39 64 20 39  f9 13 e8 b7
>9d 9
>0A90: 33 20 36 66 20 38 38 20   65 31 20 62 63 20 37 33  3 6f 88 e1 bc
>73
>0AA0: 20 61 37 20 62 65 20 31   31 20 64 61 20 63 39 20   a7 be 11 da
>c9
>0AB0: 62 31 20 36 32 20 64 39   20 31 33 20 36 34 20 31  b1 62 d9 13
>64 1
>0AC0: 61 20 35 39 20 30 30 20   65 61 20 61 39 20 31 64  a 59 00 ea a9
>1d
>0AD0: 20 64 34 20 33 38 20 38   30 20 38 64 20 61 63 20   d4 38 80 8d
>ac
>0AE0: 34 37 20 61 63 20 66 36   20 63 65 20 64 34 20 34  47 ac f6 ce
>d4 4
>0AF0: 36 20 37 36 20 63 61 20   39 39 20 36 37 20 35 32  6 76 ca 99 67
>52
>0B00: 20 38 34 20 64 65 20 61   35 20 64 36 20 65 33 20   84 de a5 d6
>e3
>0B10: 31 36 20 31 38 20 34 34   20 66 35 20 37 63 20 65  16 18 44 f5
>7c e
>0B20: 61 20 37 32 20 35 38 20   64 30 20 33 38 20 30 64  a 72 58 d0 38
>0d
>0B30: 20 36 38 20 66 36 20 64   35 20 61 65 20 34 34 20   68 f6 d5 ae
>44
>0B40: 32 35 20 33 34 20 64 37   20 66 38 20 39 38 20 64  25 34 d7 f8
>98 d
>0B50: 62 20 64 31 20 63 36 20   65 37 20 64 36 20 63 65  b d1 c6 e7 d6
>ce
>0B60: 20 32 32 20 37 34 20 38   33 20 62 63 20 30 35 20   22 74 83 bc
>05
>0B70: 63 35 20 34 35 20 32 37   20 39 65 20 61 33 20 61  c5 45 27 9e
>a3 a
>0B80: 39 20 31 39 20 30 65 20   35 37 20 36 30 20 36 36  9 19 0e 57 60
>66
>0B90: 20 66 66 20 30 33 20 62   61 20 33 35 20 63 30 20   ff 03 ba 35
>c0
>0BA0: 39 61 20 37 64 20 34 65   20 63 39 20 62 36 20 30  9a 7d 4e c9
>b6 0
>0BB0: 66 20 30 37 20 65 32 20   62 34 20 37 37 20 30 38  f 07 e2 b4 77
>08
>0BC0: 20 37 36 20 30 30 20 32   61 20 63 65 20 32 61 20   76 00 2a ce
>2a
>0BD0: 61 34 20 30 66 20 36 39   20 33 66 20 63 63 20 65  a4 0f 69 3f
>cc e
>0BE0: 37 20 66 35 20 37 36 20   32 38 20 30 30 20 39 66  7 f5 76 28 00
>9f
>0BF0: 20 31 65 20 39 36 20 36   66 20 31 66 20 64 36 20   1e 96 6f 1f
>d6
>0C00: 33 65 20 32 64 20 62 31   20 62 37 20 36 32 20 63  3e 2d b1 b7
>62 c
>0C10: 35 20 32 66 20 37 30 20   38 34 20 31 65 20 39 63  5 2f 70 84 1e
>9c
>0C20: 20 31 63 20 32 35 20 37   61 20 34 36 20 61 38 20   1c 25 7a 46
>a8
>0C30: 35 64 20 32 61 20 32 36   20 33 38 20 35 38 20 66  5d 2a 26 38
>58 f
>0C40: 38 20 62 36 20 66 39 20   35 64 20 33 61 20 30 66  8 b6 f9 5d 3a
>0f
>0C50: 20 65 39 20 37 34 20 30   61 20 36 35 20 65 65 20   e9 74 0a 65
>ee
>0C60: 65 62 20 31 61 20 61 31   20 30 35 20 32 65 20 39  eb 1a a1 05
>2e 9
>0C70: 61 20 30 31 20 31 63 20   61 34 20 38 31 20 62 65  a 01 1c a4 81
>be
>0C80: 20 33 30 20 38 31 20 62   62 20 61 30 20 30 33 20   30 81 bb a0
>03
>0C90: 30 32 20 30 31 20 30 33   20 61 32 20 38 31 20 62  02 01 03 a2
>81 b
>0CA0: 33 20 30 34 20 38 31 20   62 30 20 31 33 20 30 63  3 04 81 b0 13
>0c
>0CB0: 20 37 64 20 65 31 20 32   37 20 31 31 20 36 38 20   7d e1 27 11
>68
>0CC0: 37 36 20 63 39 20 31 63   20 31 35 20 65 34 20 38  76 c9 1c 15
>e4 8
>0CD0: 35 20 34 61 20 30 34 20   33 35 20 65 37 20 36 37  5 4a 04 35 e7
>67
>0CE0: 20 61 30 20 31 62 20 66   32 20 34 63 20 65 36 20   a0 1b f2 4c
>e6
>0CF0: 30 39 20 63 62 20 38 39   20 62 62 20 63 34 20 30  09 cb 89 bb
>c4 0
>0D00: 35 20 62 65 20 31 37 20   64 62 20 35 37 20 38 31  5 be 17 db 57
>81
>0D10: 20 34 66 20 37 30 20 30   62 20 63 35 20 61 37 20   4f 70 0b c5
>a7
>0D20: 61 31 20 66 64 20 32 66   20 35 30 20 61 36 20 32  a1 fd 2f 50
>a6 2
>0D30: 39 20 36 33 20 31 34 20   39 30 20 64 34 20 36 31  9 63 14 90 d4
>61
>0D40: 20 62 65 20 62 66 20 34   38 20 31 30 20 62 38 20   be bf 48 10
>b8
>0D50: 62 36 20 61 38 20 65 35   20 37 32 20 62 34 20 35  b6 a8 e5 72
>b4 5
>0D60: 36 20 37 65 20 38 39 20   37 36 20 32 63 20 64 65  6 7e 89 76 2c
>de
>0D70: 20 37 35 20 37 31 20 62   38 20 37 32 20 36 33 20   75 71 b8 72
>63
>0D80: 39 65 20 64 34 20 39 33   20 36 34 20 34 64 20 31  9e d4 93 64
>4d 1
>0D90: 37 20 65 34 20 35 61 20   35 38 20 35 30 20 39 65  7 e4 5a 58 50
>9e
>0DA0: 20 33 37 20 61 39 20 36   65 20 39 66 20 63 66 20   37 a9 6e 9f
>cf
>0DB0: 63 34 20 30 66 20 61 37   20 63 64 20 66 32 20 33  c4 0f a7 cd
>f2 3
>0DC0: 32 20 34 39 20 36 35 20   66 30 20 64 34 20 35 34  2 49 65 f0 d4
>54
>0DD0: 20 36 35 20 32 32 20 37   61 20 33 37 20 31 33 20   65 22 7a 37
>13
>0DE0: 66 30 20 34 33 20 33 35   20 35 63 20 34 64 20 34  f0 43 35 5c
>4d 4
>0DF0: 38 20 63 64 20 62 66 20   30 64 20 61 34 20 63 34  8 cd bf 0d a4
>c4
>0E00: 20 32 32 20 66 65 20 62   66 20 32 35 20 66 32 20   22 fe bf 25
>f2
>0E10: 31 33 20 32 62 20 31 30   20 36 31 20 35 31 20 34  13 2b 10 61
>51 4
>0E20: 62 20 63 36 20 34 33 20   39 63 20 62 38 20 63 61  b c6 43 9c b8
>ca
>0E30: 20 30 34 20 61 61 20 36   62 20 34 30 20 31 34 20   04 aa 6b 40
>14
>0E40: 62 39 20 32 35 20 65 38   20 32 32 20 30 33 20 33  b9 25 e8 22
>03 3
>0E50: 66 20 31 66 20 66 37 20   36 35 20 30 31 20 32 63  f 1f f7 65 01
>2c
>0E60: 20 35 32 20 35 35 20 36   66 20 32 34 20 36 39 20   52 55 6f 24
>69
>0E70: 63 36 20 39 35 20 39 38   20 65 35 20 37 38 20 35  c6 95 98 e5
>78 5
>0E80: 66 20 62 62 20 34 31 20   34 35 20 33 34 20 38 31  f bb 41 45 34
>81
>0E90: 20 65 30 20 31 39 20 66   33 20 32 62 20 35 61 20   e0 19 f3 2b
>5a
>0EA0: 33 61 20 62 64 20 32 34   20 65 34 20 62 36 20 33  3a bd 24 e4
>b6 3
>0EB0: 39 20 38 34 20 66 32 20   36 36 20 
>Will send token of size 1272 from initSecContext.
>Will read input token of size 1272 for processing by initSecContext
>Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
>Exception in thread "main" GSSException: Defective token detected
>(Mechanism level: AP_REP token id does not match!)
>        at sun.security.jgss.krb5.AcceptSecContextToken.<init>(AcceptSecContextToken.java:65)
>        at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:640)
>        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)
>        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
>        at SampleClient.main(SampleClient.java:144)
>________________________________________________
>Kerberos mailing list           Kerberos@mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>  
>



--Boundary_(ID_S0aJ4w0LVvxBpu0sbQVqcg)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--Boundary_(ID_S0aJ4w0LVvxBpu0sbQVqcg)--

0
11/29/2004 8:46:52 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
3868 Views

Similar Articles

[PageSpeed] 3

Reply:

Similar Artilces:

A problem with GSS-API (kdc = SEAM by SUN): GSSException Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))
Hi doc!!!!: I am running the Sample with tutorial "Use of JAAS Login Utility and Java GSS-API for Secure Messages without JAAS programming" KDC is a SEAM in Solaris 9 JDK 1.5 The Code are SampleClient.java y SampleServer.java without relevant modifications If anyone has any ideas I'm all ears. Don Alex SERVER: Waiting for incoming connection... Got connection from client /157.253.50.59 Will read input token of size 517 for processing by acceptSecContext Debug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Kerberos username [root]: alexmunoz/utria.uniandes.edu.co Kerberos password for alexmunoz/utria.uniandes.edu.co: al [Krb5LoginModule] user entered username: alexmunoz/utria.uniandes.edu.co Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 16. principal is alexmunoz/utria.uniandes.edu.co@UNIANDES.EDU.CO Acquire TGT using AS Exchange EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B9 86 13 75 13 2C AB F1 EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B9 86 13 75 13 2C AB F1 EncryptionKey: keyType=16 keyBytes (hex dump)=0000: AD 58 02 92 1A 5E B9 C2 BA 6D B0 64 0B 70 AE 1F .X...^...m.d.p.. 0010: 6D 98 C8 16 68 A4 16 19 Using builtin default etypes for default_tkt_enctypes default etypes...

[Fwd: Re: A problem with GSS-API (kdc = RH A.S. R3) GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
This is a multi-part message in MIME format. --Boundary_(ID_ZPOPgV2Eyj2zKWDAp18jPg) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT --Boundary_(ID_ZPOPgV2Eyj2zKWDAp18jPg) Content-type: message/rfc822; name="failed) - GSSException: Securitycontext init/accept not yet called or context deleted (Mechanism level: Wrapcalled in invalid st" Date: Fri, 26 Nov 2004 13:35:56 -0800 From: Seema Malkani <Seema.Malkani@sun.com> Subject: Re: A problem with GSS-API (kdc = RH A.S. R3) GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) - GSSException: Security context init/accept not yet called or context deleted (Mechanism level: Wrap called in invalid st In-reply-to: <55ce270.0411141410.41c43f98@posting.google.com> To: Don Alex <alexmunoz@uniandes.edu.co> Cc: kerberos@MIT.EDU Message-id: <41A7A1BC.6@sun.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20040414 References: <55ce270.0411141410.41c43f98@posting.google.com> Alex, Please check your Kerberos configuration and Kerberos principals set-up for client and server. When you run the SampleClient, you need to provide the client principal, assigned for Kerberos authentication, for e.g."mjones@KRBNT-OPERATIONS.ABC.COM". And the host-based service principal u...

Problem with GSS-API: GSSException Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
Hi doc!!!!: I am running the Sample with tutorial "Use of JAAS Login Utility and Java GSS-API for Secure Messages without JAAS programming" KDC is a Windows 2003 JDK 1.5 The Code are SampleClient.java y SampleServer.java without relevant modifications If anyone has any ideas I'm all ears. Don Alex SERVER: Waiting for incoming connection... Got connection from client /157.253.50.59 Will read input token of size 1272 for processing by acceptSecContext Debug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Kerberos username [root]: alexmunoz Kerberos password for alexmunoz: XXXXXXX [Krb5LoginModule] user entered username: alexmunoz Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 16. principal is alexmunoz@AD.UNIANDES.EDU.CO Acquire TGT using AS Exchange EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75 1F 91 EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 08 B5 45 BF B0 75 1F 91 EncryptionKey: keyType=16 keyBytes (hex dump)=0000: E3 B0 02 83 67 57 EF E3 31 6E 9D 46 46 E3 25 0D ....gW..1n.FF.%. 0010: 1C 54 FB 54 1C 54 AB 3E Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 16. >>> EType: sun.security.krb5.internal.cr...

A problem with GSS-API (kdc = RH A.S. R3) GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
Hi doc!!!!: I am running the Sample with tutorial "Use of JAAS Login Utility and Java GSS-API for Secure Messages without JAAS programming" KDC is a Red Hat Linux AS release 3 JDK 1.5 The Code are SampleClient.java y SampleServer.java without relevant modifications If anyone has any ideas I'm all ears. Don Alex SERVER: Debug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is mquiroga/pele.uniandes.edu.co@UNIANDES.EDU.CO tryFirstPass is false useFirstPass is false storePass is false clearPass is false Kerberos password for mquiroga/pele.uniandes.edu.co@UNIANDES.EDU.CO: mi [Krb5LoginModule] user entered username: mquiroga/pele.uniandes.edu.co@UNIANDES.EDU.CO Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 16. principal is mquiroga/pele.uniandes.edu.co@UNIANDES.EDU.CO Acquire TGT using AS Exchange EncryptionKey: keyType=3 keyBytes (hex dump)=0000: BA 07 CD 51 70 B6 92 0B EncryptionKey: keyType=1 keyBytes (hex dump)=0000: BA 07 CD 51 70 B6 92 0B EncryptionKey: keyType=16 keyBytes (hex dump)=0000: DA A8 7F 2F CE F2 AB F2 EF 2A 32 D5 C1 A8 19 DA .../.....*2..... 0010: F4 67 D3 D5 98 40 01 AD Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 16. >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType >>> KrbAsReq ca...

GSSException: Failure unspecified at GSS-API level (Mechanism level: Could not use DES Cipher
I am having a problem that may seem to indicate an issue between java 1.4 and 1.5 communication. I am using the GSS-API as a means of communication between a client and server application. The server performs all of its encryption as a Kerberos principal service. The client logins into Kerberos as a standard Kerberos user and initializes a SecurityContext with the server's Kerberos principal service. All messages passed back and forth between the client and server are then encrypted using wrap and unwrap. This all works fine if both the client and server are run using java 1.4 or 1.5. However if one is java 1.4 and one is java 1.5, I get the above exception. I need to get around this in some way as I will not be sure which version of java the various clients will be using. Any ideas what may be causing this and how to fix it? Such an error is returned if DES computation on the checksum failed. Have you configured to use the DES encryption type ? Is this error returned when using J2SE 1.4 or J2SE 1.5 ? Can you provide more details on this. Seema hunterae wrote: >I am having a problem that may seem to indicate an issue between java >1.4 and 1.5 communication. I am using the GSS-API as a means of >communication between a client and server application. The server >performs all of its encryption as a Kerberos principal service. The >client logins into Kerberos as a standard Kerberos user and initializes >a SecurityContext with the server's Kerbero...

GSSException: Failure unspecified at GSS-API level (Mechanism level: Could not use DES Cipher
I am having a problem that may seem to indicate an issue between java 1.4 and 1.5 communication. I am using the GSS-API as a means of communication between a client and server application. This problem only occurs when the server is being run using java 1.5 and I connect from a client using java 1.4 or vice versa. I'm not sure how to go about configuring to use the DES encryption type as you had mentioned. I created a special SecurityContext class which both the client and server use and simplifies the login/encryption/decryption process for the client and server. Essentially, on startup, the server logins into the SecurityContext object (using its login function) as a Kerberos principal server. On startup, the client logins into the SecurityContext object as a Kerberos principal user. The client then using SecurityContext's initSecContext to initialize a GSSContext to the Kerberos principal server, which the server later accepts using the acceptSecContext method. Finally, wrap and unwrap are used to encrypt/decrypt messages passed back and forth. Here is the stack trace of the exception I am getting: GSSException: Failure unspecified at GSS-API level (Mechanism level: Could not use DES Cipher - Output buffer must be (at least) 16 bytes long) at sun.security.jgss.krb5.Message Token.getDesCbcChecksum(Messag eToken.java:530) at sun.security.jgss.krb5.Message Token.getChecksum(MessageToken ..java:453) at sun.security.jgss.krb5.Message Token.verifySignAndSeq...

Problem with kerberos working correct due to 2 Domains gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Key table entry not found)
Hi guys, I'm working about 3 days at this problem and I can't fix it and now I have no more ideas: Customers environment: Windowsdomain with DC where all Users are: contoso.local Sless11 for Webapplication is in a domain: contoso.lan (this is not a Windowsdomain - just the server is configured for this And thats the problem. I don't know - how to manage these two domains. URL to access to the Webapplication is: When I now try to access from a Windowsmachine wich is in the Domain contoso.local at URL http://sless11.contoso.lan/webapp there comes a 401 from the apach...

[rfc-dist] RFC 5179 on Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism
A new Request for Comments is now available in online RFC libraries. RFC 5179 Title: Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism Author: N. Williams Status: Standards Track Date: May 2008 Mailbox: Nicolas.Williams@sun.com Pages: 5 Characters: 8017 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-kitten-krb5-gssapi-domain-based-names-05.txt URL: http://www.rfc-editor.org/rfc/rfc5179.txt This document describes the mapping of Generic Security Service Application Program Interface (GSS-API) domain-name-based service principal names onto Kerberos V principal names. [STANDARDS TRACK] This document is a product of the Kitten (GSS-API Next Generation) Working Group of the IETF. This is now a Proposed Standard Protocol. STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community,and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from t...

Re: [tao-users] [Fwd: Re: PROBLEM-REPORT-FORM
Hi, > To humour myself, I replaced the current (5.5.6) nsdel.cpp with the 5.5.6 is not current, the current version is 5.6.3 which you can obtain from http://download.dre.vanderbilt.edu. Johnny ...

Re: Java GSS-API and kerberos Service Tickets
To give some background of my application, i am developing web application which will support Kerberos SSO on windows platform. It means that if some user logs in to Windows Client Machine and opens my application then my application will not throw any login screen . It will use Logged-in user credentials to login to my system. >From browser perspective, i am using SPNEGO support to get Kerberos ticket. My Web application can be deployed in reverseProxy or load balanced environments. In addition to that, there is a requirment to support kerberos login even if some end user tries to access internal app server directly i.e. by passing proxy. For example, i have deployed my appllication on node01.mydomain.com and revese proxy url is myapp.mydomain.com. So basically user can use both url to access my application. URL1 : myapp.mydomain.com ( Reverse Proxy ) URL2: node01.mydomain.com ( actual app server ) SInce i am using browser SPNEGO support so browser takes care of creating SPN to get Service Ticket from KDC. For example, if enduser opens URL1 ( myapp.mydomain.com ) then browser create SPN like below: HTTP/myapp.mydomain.com@MYDOMAIN.COM However, if enduser access intenal server URL2 ( node01.mydomain.com ) then browser create SPN like below: HTTP/node01mydomain.com@MYDOMAIN.COM I could register both these service in different accounts in Windows KDC. however, to make things simpler i tried putting all services in same account. However, irrespective of how i crea...

Help Needed for Kerberos token retrieval using GSS API
Hello Sir, I am not sure whether this is correct forum or not but...... Can you please let me know that how can I write JDK 1.6 program to = retrieve Kerberos token of the logged in user? I am very new to this = technology.=20 After reading few articles I am not able to understand, how I can do it = at my machine(stand alone Windows XP machine). Your inputs can help me a lot. Regards, Aditya ...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca ...

RE: BC-SNC, MIT Kerberos V, SSO, GSS-API v2
Calin, We can solve this problem using our GSS library which works in a consistent manner with SAP SNC on all platforms (including Linux). Our product is "Certified for SAP NetWeaver" So, if you are interested in a BC-SNC supported gss library for Linux please refer to www.cybersafe.ltd.uk/links/sap.htm Let me know if you have any further questions by emailing me off-list. Thanks, Tim. -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Barbat, Calin Sent: 13 August 2004 10:37 To: kerberos@mit.edu Subject: BC-SNC, MIT Kerberos V, SSO, GSS-API v2 Hello everybody, I need help with Single Sign-On for SAPguis running on Windows clients to an SAP Application Server 4.6C running on a Linux SLES server with authentification against an Active Directory provided by a Windows 2000 Server. In the following I'll describe how far I got, so the specialists can help with the remaining things to do. I'm trying now to get the actual Kerberos implementation (release 1.3.1) from MIT to work with our SAP Application Server 4.6C. Could it be that I need an older release? If so, which one and where can I get it? As I understand, the libgssapi_krb5.so library has to be tested for interoperability with a tool named gsstest, which is provided for free by SAP. I compiled, installed and configured Kerberos on the Linux AS and got a logon ticket from the Win2k KDC by logging in on the Linux prompt using: kinit C.Barbat...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

RE: BC-SNC, MIT Kerberos V, SSO, GSS-API v2 #2
Calin, I appreciate your email. Thanks, and good luck. Regards, Tim. -----Original Message----- From: Barbat, Calin [mailto:c.barbat@osram.de] Sent: 17 August 2004 08:13 To: Tim Alsop Cc: kerberos@mit.edu Subject: AW: BC-SNC, MIT Kerberos V, SSO, GSS-API v2 Tim, I'm not interested in a commercial product, I already know there are several certified products around there; but e.g. the Duke University uses MIT Kerberos to do the job - seen it yesterday on URL: http://www.oit.duke.edu/techsupport/sap/sapgui/linux/ So I'd like to figure out how to properly configure Kerberos, as the libgssapi_krb5.so seems to work out of the box for them. Anyway, thank you for your marketing effort, Calin Barbat. -----Urspr´┐Żngliche Nachricht----- Von: Tim Alsop [mailto:Tim.Alsop@CyberSafe.Ltd.UK] Gesendet: Montag, 16. August 2004 18:59 An: Barbat, Calin Cc: kerberos@mit.edu Betreff: RE: BC-SNC, MIT Kerberos V, SSO, GSS-API v2 Calin, We can solve this problem using our GSS library which works in a consistent manner with SAP SNC on all platforms (including Linux). Our product is "Certified for SAP NetWeaver" So, if you are interested in a BC-SNC supported gss library for Linux please refer to www.cybersafe.ltd.uk/links/sap.htm Let me know if you have any further questions by emailing me off-list. Thanks, Tim. -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Barbat, Calin Sent: 13 August 2004 10:37 To: kerber...

RE: FWD: Re: Problem w/ IDLE on Win2000
Aahz writes: > Is there an SF bug for this? Should I add it to bugs.html? I couldn't find one (may have missed it), so I entered one this morning, figuring a duplicate was better than a dropped issue. I can't give a link to the one I entered... source forge is too slow to be used right now. Yes, adding to bugs.html is good. I wish we'd caught this before 2.3. Unfortunately, I usually avoid "Program Files" for exactly this reason, and I'm guessing other testers did the same. -- Michael Chermside ...

Re: Re: Problem with LDAP Referrals and Kerberos LDAP Backend
Hello together, It seems that not much people use LDAP Referal together with MIT Kerberos. Never the less the missing support ("feature") is something I really need. Is it possible that anybody of the developers adds this functionality? If not: Greg, could you please precise the places or try to add it? I can do the necessary tests. Best regards Chris On 11/03/2013 03:13 PM, Christopher Racky wrote: > I don't understand why this behavior is expected. For my opinion this > is a bug. It's simplest to think of this as a missing feature. If I read the code correctly, callers of the OpenLDAP library follow referrals using anonymous binds by default. With additional effort, callers can control how referrals bind. Although I believe I know roughly how the preferred behavior could be implemented, it would not be trivial to develop or test, so I can't give you any guarantees as to when it might happen. - Hello Greg, Thank you very much for your reply. I don't understand why this behavior is expected. For my opinion this is a bug. I would expect that after processsing referrals the same credentials are still reused. Is that a missunderstanding on my side? If not: it seems to be, that you know very exactly the place where this must be fixed. I'm not sure if you are a developer. If yes, do ...

RE: FWD: Re: Problem w/ IDLE on Win2000 #3
> From: Thomas Heller [mailto:theller@python.net] >=20 > If it helps, I'm willing to take over the windows installer -=20 > although I would probably stay with Wise. I've thought about seeing what it would take to produce an NSIS Python = installer. But I'm not volunteering... http://nsis.sourceforge.net/ We're looking at moving to NSIS for all our installers at work. Apart = from anything else, it works very nicely with source control (have you = ever tried merging a Wise installer from 3 branches in clearcase?). Tim Delaney ...

RE: RE: Kerberos, Windows2008 RODC and ticket forwarding Problem
Looking into the captures, I noticed that in the TGS-REQ packets , the NAME-TYPE is Unknown in both cases (Forwareded and not Forwarded Ticket). But in the forwarded ticket capture I don't see any AS-REQ. Could it be that what is causing the: KRB5KRB_AP_ERR_BAD_INTEGRITY ? ________________________________________ From: Sebastian Galiano Sent: 13 April 2012 08:58 To: kerberos@mit.edu Subject: RE: Kerberos, Windows2008 RODC and ticket forwarding Problem I found more information regarding my problem : http://lists.samba.org/archive/samba-technical/2010-September/073566.html The thing is that this problem has been patched and It works. In fact I found the code in krb5lib's current version source code that makes the trick, in the file get_in_tkt.c: /* * Windows Server 2008 R2 RODC insists on TGS principal names having the * right name type. */ if (krb5_princ_size(context, *server) == 2 && data_eq_string(*krb5_princ_component(context, *server, 0), KRB5_TGS_NAME)) { krb5_princ_type(context, *server) = KRB5_NT_SRV_INST; } return 0; } This sets the right type for NAME-TYPE, unfortunately it doesn't seem to work when I'm using a forwarded ticket. The name type in the request when the ticket is forwarded keeps being unknown, unlike when the ticket is granted from the machine then is : Service and Instance. ________________________________________ From: kerberos-bounces@mit.edu [kerbe...

RE: FWD: Re: Problem w/ IDLE on Win2000 #2
Tim Peters writes: > Have you confirmed that a problem exists? I haven't tried. Yes, I confirmed the problem. > Speaking of which, that doesn't look likely to change anytime soon, so if > someone else is willing to take over the PLabs Windows installer, it's > yours. Overall, it's in very good shape. > Most people accept the defaults. "Program Files" is fine for an end-user > app, but for a tool that's going to get used from scripts and command > shells, a path with an embedded space is just begging for needless problems. Of course... that's why I had tested 2.3, but had never tried putting it in "Program Files". It was phenomenally dumb of Microsoft to use a space in a standard directory (particularly the directory where programs go) on an OS which (at the time anyway) didn't (always) handle paths containing spaces. But it's still regrettable. Given the other risks involved, let's phrase the warning in bugs.html as "Warning: If Python is installed inside the "Program Files" directory (or any other directory containing a space), then IDLE will not start correctly. The preferred solution is to install to C:\Python23 (or some other drive in place of C:), but it can also be fixed by editing the shortcut for IDLE in the Programs menu." > Speaking of which, that doesn't look likely to change anytime soon, so if > someone else is willing to take over the PLabs Windows...

RE: Detecting Failures
Martin asks What do large operations with extremely high reliability factors do when they run bind? I run Lucent BIND 8.2.6 and support Active Directory globally. To put aside the debate on Microsoft DDNS with respect to security and resilience. For the corporate organisation may I recommend Lucent VitalQIP. This application supports IP Address management, DNS and DHCP functionality. The DNS function not only has true multi-master DNS with an easy to use GUI with worthwhile granular logging. It has a function called EDUP where your AD zones can be replicated to the other multi-master DNS servers within your organisation. Regards Eamon _________________________________ Eamon Murchan Server Team Leader IT Services X 53954 f53378 2.10-12 Maple Street -----Original Message----- From: Martin McCormick [mailto:martin@dc.cis.okstate.edu] Sent: 01 October 2003 15:56 To: comp-protocols-dns-bind@isc.org Subject: Detecting Failures In the old days, a catastrophic failure of the master dns was not nearly as devistating as it might be today in an Active Directory environment. Microsoft has a multimastering scheme where by several platforms all behave as the master dns so that if one fails, nobody notices outside of the system administrators, maybe. It is pretty easy to turn a slave in to a master as long as it had all the zones to begin with. That along with a second Ethernet interface means that one just brings it up on the master's ...

[Fwd: Re: [Fwd: Re: Questions, help!!]]
Thanks for the help, I just solved the situation by replacing the null values with '\N' in my text file. And I added an extra column in my postgreSQL table for the text files generated by Informix. Regards' Jaime -------- Original Message -------- Subject: Re: [Fwd: Re: [NOVICE] Questions, help!!] From: Bruce Momjian <pgman@candle.pha.pa.us> Date: Mon, November 10, 2003 5:41 pm To: barron@clubinter.net barron@clubinter.net wrote: > 1.ERROR: line 1, "Bad date external representation" when executing > copy cliente from '/home/txtfiles/clien...

[tao-users] [Fwd: Re: PROBLEM-REPORT-FORM
> -------- Original Message -------- > Subject: Re: PROBLEM-REPORT-FORM - nsdel syntax problem > Date: Wed, 20 Feb 2008 12:56:03 -0800 (PST) > From: jeffery.fitzgerald@gmail.com > > On Feb 20, 3:57 pm, Adam Mitz <mi...@ociweb.com> wrote: >> jeffery.fitzger...@gmail.com wrote: >> > ACE VERSION: 5.5.6 > >> > SYNOPSIS: >> > When i try delete a reference from my Naming Service using nsdel, I >> > get the following error: >> >> > Error: >> > (3744|3452) EXCEPTION, >> > The following node is missing >> > user exception, ID 'IDL:omg.org/CosNaming/NamingContext/NotFound:1.0' >> > ID: myservice >> >> > DESCRIPTION: >> > Before I upgraded to 5.5.6, I was using 5.4a. The following syntax >> > worked for me before the upgrade (and has actually worked since 5.2). >> >> > nsdel -ORBInitRef NameService=corbaloc:iiop:localhost:12345/ >> > NameService --name myservice >> >> > Any suggestions on what I might be doing wrong? Thanks. >> >> Try "--ns corbaloc:iiop:localhost:12345/NameService" instead of the >> -ORBInitRef option. Also, what does "nslist" report for the same arguments? > > > Hey Adam, > > That didn't seem to work for me either. I got the following output: > > nsdel --...

Re: (fwd) Re: (fwd) Bug in ConfigSpecs?
On Thursday, August 7, 2003, at 09:32 PM, Steve Lidie wrote: > From: "Ala Qumsieh" <qumsieh__@cim.mcgill.ca> > Newsgroups: comp.lang.perl.tk > References: <450DE710-C922-11D7-8278-00039366E622@lehigh.edu> > Subject: Re: (fwd) Bug in ConfigSpecs? > Lines: 24 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Newsreader: Microsoft Outlook Express 6.00.2800.1106 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > Message-ID: <iiBYa.101$z6.15567921@newssvr21.news.prodigy.com> > NNTP-Posting-Host: 209.213.198.25 >...

Web resources about - [Fwd: Re: Problem with GSS-API: GSSException Failure unspecified atof Defective token detected (Mechanism level: AP_REP] - comp.protocols.kerberos

Resources last updated: 3/11/2016 1:27:12 PM