Hi all,im going to be really desperate from this error message during the authentization to the Win2003 server where the Active Directory is running ... Im using Krb5LoginModule. - Our administrator of the AD service has enabled DES encryption at the tested account. - Im sure that entered ...

<h1>Please!</h1><h2>Turn on the format tag processing switch for this forum</h1><h2>As you can see html tags work</h2><h2>But normal formatting tags do not</h2><h1>Thank you for your prompt attention to this ...

UPDATE Old title: Error calling function Protocol status: 1312 FormatMessage failed with 1815I have written an application that authenticates to kerberos using the KerberosLoginModule. It used to work fine on all OS磗. (Windows 98, 2k, xp and Linux tested.)Now I have upgraded my application to ...

Is there a way to stop the service end of the JGSS negotiation from requesting a TGT for its service principle ? In a Kerberos GSSAPI negotiation the accepting service only needs access to a keytable containing the exported service key to successfully authentication and identify the client ...

Hi,I want to know how to retrieve the desktop credentials from a java program. Is it possible to retrieve the userid and password that the user used to login into the network.

Hello!How is it normal to make authentification of users by means of jaas/gssapi in java 1.5 ?In the java 1.6 all work is normall, but in the java 1.5 I receive error Pre-authentication information was invalid (24) ... I read in this forum You are using mixed-case Kerberos principal name, and ...

I am trying to use the following contructor for sun.security.krb5.KrbApReq:public KrbApReq(Credentials credentials, boolean flag, boolean flag1, boolean flag2, Checksum checksum)I got the Credential object, but not sure how to get the Checksum. Could somebody help? Reply is ...

<h1>My Web Page</h1></td></tr></span></table></td></tr></span></table></td></tr></span></table></td></tr></span></table></td></tr></span></table><h1>This ...

Hi,I need to use Kerberos and GSS-API authentication for user loing in my JSP/Java application against Active Directory in Windows 2003 Server. I have goen through one thread which is quite similar to my need, but it's used for Linux host, which u can see ...

Hi,Am trying to use Java GSS Api(JDK 1.5) to perform kerberos authentication on a Windows 2003 server. Am following the steps specified in JDK docs.Am receiving following error while calling login on LoginContextDebug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ...

I have an existing application, wich is working properly.I am now trying to run with a SecurityManager.After adding most of the rights it needs it runs the key exchange untill halfway.It gets stuck with a javax.security.auth.login.LoginException: java.lang.ClassCastException: ...

Hello,I get in my program a GSSException (expected, and does not harm):GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:133)at ...

Hello:I am using j2sdk1.4.2_07 and attempting to incorporate single-signon. There is a very nice article describing all of the steps necessary @ http://e-docs.bea.com/wls/docs90/secmanage/sso.htmlMy problem is at the final step which uses the kinit utility to verify Kerberos authentication is ...

I am trying to get my IE6 client (running on XP) to authenticate to my JBoss server (on 2003) using the Active Directory on a 2003 box. I am using Java 6 Beta 2. My krb5.ini file is:[libdefaults]default_realm = DEVEL.OPENROADSCONSULTING.COMdefault_tgs_enctypes = RC4-HMACdefault_tkt_enctypes = ...

I am trying to access active directory using JAAS nut when i run my code a get the attached message D:\JDeveloper10G\jdk\bin>java jasldapGSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)at ...

Hello,I'm trying to authenticate a user against Active Directory with Java. It works well but when i'm trying to use special characters (like ? ? ? in the password, the kerberos logon fails. Do i have to encode my string in another format ? Does kerberos support these char ?The code: public ...

Hello dear colleagues,I met with very strange behaviour using SSO. My test environment works on WinXP SP2, JDK 1.5.0_04-b05. Kerberos configuration file is located in <JRE_HOME>\lib\security\krb5.conf and contains following:[libdefaults]default_realm = <MY_REALM>clockskew = ...

Hiii, i am trying to search my ldap, i am able to connect using kerberos, butwhen i perform ldap serach i am getting the below error messagejavax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid ...

Hi,Am relatively new in the domain of Java Security, JAAS and JGSS. After reading the tutorials and examples, I was able to do authentication and message transfer using Kerberos LoginModule. All the examples demonstrates message transfer and credential passing at socket level.But in normal ...

I am trying to use my Windows Active Directory logon in my application. I create a login context as defined below:VicadsKerberos {com.sun.security.auth.module.Krb5LoginModule required storeKey=true useTicketCache=true debug=true;};I start my program with the following ...

Our application is java based, and we use JAAS to allow authentication for the users though Active Directory.In particular we alwyas encourage our prospect clients to use Krb5LoginModule.We would1. add new user to AD , set DES for the account, reset the password2.setspn -A ...

Hi,Using the Java GSS tutorials, I have been able to create code to successfully authenticate with our KDC server or from a local ticket cache.However, I have been unsuccessful in using the obtained credentials to perform client authentication with a web server running Apache using Kerberos for ...

HiI'm getting a Pre-authentication error for one user, all other users the authentication works well (60 others). So could anyone hazzard a guess as to why I get this problem just for this one user?I've looked at reasons for this error:a) bad passwordb) time skewc) useKeyTab option (I am not ...

Hi, I am trying to write a configuration tool to set Kerberos server name and so forth.It occurs to me that once "java.security.krb5.kdc" is set in JVM, the value can't be changed. The tool has to be shutdown and restarted to see use new value.Is there a better way than starting a new JVM? ...

We have a setup with windows2000 and Kerberos/JGSS. Can someone provide me with the information as to what additional needs to be done so as to be able to authenticate a username given in UTF-8 data. The user authentication for ascii characters succeeds for me but fails while I enter usename ...

Hi, I have a setup where a web application is deployed to use SPNEGO for user authentication ( using kerberos V ) and authorization. We have several users with non english characters in the user ID and even though kerberos authentication succeeds for such users ( KDC / Active Directory is ...

Hi,I am trying to use kerberos based authentication. Current setup of kerberos uses DNS based lookup of KDCs .i.e KDCs are not listed in krb5.conf file.Could someone let me know if can this be achieved ?ThanksPraveena M

Hi all,while developping a client-server application,I've had the occasion to read a document ABOUT the kerberos protocol and found it very interesting. I've tried customizing my codes so the authentification process looks like the concept of kerberos. But when trying to create the ...

Hi,We have implemented a Sinlge Sign On solution based on Kerberos and the Java GSS-API. The implementation pretty much follows the examples given in the JAAS Tutorials. It is now runningin my company and it works fine except until there are less than two hours until your TGT expires. Then an ...

This relates to my follow-up question in this thread: http://forum.java.sun.com/thread.jspa?threadID=779326I now know how to properly set the value of "java.security.auth.login.config" to point to a file in a jar. But when I try the same for the "java.security.krb5.conf " setting, I get this ...

Hii Javaties I need to implement Single Sign On.Can anbody tell me how 2 get started.Do i need to use Kerberos for SSO.

My team is in the process of building a client/server platform in Java that interoperates with a proprietary platform. The existing platform uses a proprietary security architecture that was inspired by Kerberos (v4?). Rather than develop my own security API, the JGSS-API seems like a good fit ...

I am facing one problem and I have been working for that from 3 days. But still I am not able to get solution.I want to perform Kerberos authentication. I am using Apache and orion webservers.I have installed mod_auth_kerb ( Kerberos module for Apache ). The authentication using Apache is done ...

Hi All,I have configured mod_auth_kerb with apache. After kerberos authentication I am not able to get user name that is authenticated.In Apaches error log file the name of the user got printed.Can anybody tell me how to get it?Please guide ...

SPNEGO - when I try this with Java version "1.6.0-rc", I end up with a GSSException with the message "Operation unavailable". How do I get more information about what this exactly means?--Specifically, I have a string starting with ...

I hope this is a newbie question for you guys out there since I've been googling for a solution for days but no luck so far. I am trying to learn JAAS programming and got started from a very simple example where a client authenticate to kerberos and send messages to a echo server. I am using ...

Hi,How can I validate a kerberos ticket that was generated on a non java platform and extract the name of the prinicipal from it ? In essence, this is a cross platform SSO.Here is the background. A C# client is sending the ASN encoding of a Kerberos ticket to a java server via a web service ...

HTTP/SPNEGO for "SSO" on MS Windows Hi all of you !The scene is simple : I got a software (All in plain java ) and some simple web access to this system. ( it's not a real web server wich will be in need for Apache or some big container it's just a few access to some informations of the ...

Hi,I am trying to run the GSSClient/GSSServer example in the JAAS/JGSS tutorial. In the tutorial it says "So for the purposes of trying out this tutorial, you could use your user name as both the client user name and the service principal name. "As I dont have permissions to make modifications ...

Hi,In the examples I have seen, a SPENGO token is transferred from client to server via sockets. Once the token is obtained,GSS-APi calls like the following can be called to extract the userIdfrom the SPENGO token. In the code below,innerContextToken would be obtained after some socket based ...

Hi,excuse me to disturb but i'm with a problemI can't resolve by myself and the prevoious post on the forum is not of a big help on it ...I have to struggle with SPNEGOSo after reading back the tutorials on security stuff (obviously there was a lot I had to learn and understand about security ...

Hi experts !I use Basic Authentication with ISS + Tomcat. I want to get user information from request.getHeader("Authentication") in a servlet. I have decoded it by Base64 coding. And I have following content:Negotiate ...

Hello,I need to find a Java library to be able to connect with HTTP to an Apache server which use the Kerberos (Negotiate) for authentification.Does anyone know something useful for me ?Thanks,Laurent

I'm trying to write a Java Servlet Filter to perform kerberos through Spnego. I'm working with a windows 2003 Server (Enterprise Edition) but I keep getting prompted for the password. This obviously won't do for a server program so I'm trying to figure out a way around entering the password ...

Hey,I am working on a single sign-on solution, using JAAS and Kerberos. The user should log-in to Windows and run an Java app afterwards which authenticates him to the KDC. Every other application should only connect to the KDC to authenticate the user.Is there a possibility to obtain the user ...

Hello!I am trying to integrate kerberos SSO into weblogic platform.Doing exactly as it is described here - http://dev2dev.bea.com.cn/techdoc/20060621823.htmlMy jaas config:com.sun.security.jgss.initiate {com.sun.security.auth.module.Krb5LoginModule requiredprincipal="HTTP/wl.dev.org@DEV.ORG" ...

Hi people,I have tried the GSS-API without JAAS tutorial for java 1.5 at http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html with that config:1) Environment config:- JKD 1.5.0 update 11- Windows XP pro against Active Directory on a Windows Server2) The ...

I am attempting to write a proof of concept of Single Sign On using Kerberos and Active Directory.I have searched through these forums and found several suggestions which I have attempted to use, in fact my code snippet below comes from these forums.I have set the registry setting ...

Hey,I am working on a single sign-on solution for smart clients (written in Java). Kerberos authentication with JAAS works fine, but what is the Java GSS API for? That - according to some Tutorials like "Single Sign-on Using Kerberos in Java" - is supposed to be executed in the Subject's doAs ...

Hi all,I'm facing a problem : the kerberos related utilities (kinit/klist/kdestroy) have disappeared since Java 1.6, and only under Linux. In a Windows installation, there's no problem.My question is : how can I replace now these utilities ? Is it a bug in the JDK or JRE installation package ...