Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Other Security APIs, Tools, and Issues

Kerberos login succeeded, but GSSAPI doesn't find a ticket?

I studied all the samples and forum posts to success in accessing my Win2003 based Active Directory from my WinXP client, but nothing helped:

Login using ticket cache works well, but LDAP complains about GSSAPI not beeing able to find a ticket. So what to do? Where's my fault?

Please help, I am getting nuts! ;-(

Acquire TGT from Cache

Principal is Karg@QUIPSY.LOCAL

Commit Succeeded

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)

at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

at javax.naming.InitialContext.init(Unknown Source)

at javax.naming.InitialContext.<init>(Unknown Source)

at javax.naming.directory.InitialDirContext.<init>(Unknown Source)

at LdapTest.test0(LdapTest.java:64)

at LdapTest.access$0(LdapTest.java:58)

at LdapTest$1.run(LdapTest.java:41)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAs(Unknown Source)

at LdapTest.main(LdapTest.java:48)

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)

at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

at javax.naming.InitialContext.init(Unknown Source)

at javax.naming.InitialContext.<init>(Unknown Source)

at javax.naming.directory.InitialDirContext.<init>(Unknown Source)

at LdapTest.test0(LdapTest.java:64)

at LdapTest.access$0(LdapTest.java:58)

at LdapTest$1.run(LdapTest.java:41)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAs(Unknown Source)

at LdapTest.main(LdapTest.java:48)

[Krb5LoginModule]: Entering logout

[Krb5LoginModule]: logged out Subject

Exception in thread "main" java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]]

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAs(Unknown Source)

at LdapTest.main(LdapTest.java:48)

Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]]

at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)

at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

at javax.naming.InitialContext.init(Unknown Source)

at javax.naming.InitialContext.<init>(Unknown Source)

at javax.naming.directory.InitialDirContext.<init>(Unknown Source)

at LdapTest.test0(LdapTest.java:64)

at LdapTest.access$0(LdapTest.java:58)

at LdapTest$1.run(LdapTest.java:41)

... 3 more

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

... 21 more

Caused by: GSSException: No valid credentials provided

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

... 22 more

[7390 byte] By [MarkusKargQUIPSYa] at [2007-10-2 17:15:39]
«« how to let my website can only be visited by IE?
»» problem with JDialog
# 1

If the Kerberos ticket in the ticket cache is not what your expected by your LDAP configuration, then failure is expected.

Check the validity of the Kerberos TGT in the ticket cache, encryption type used. In addition, check the Windows Active Directory configuration and setup, and the Kerberos realm used by your LDAP configuration.

Seema

Seema-1a at 2007-7-13 18:31:10 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
Security
Other Security APIs, Tools, and Issues

Security New Topic

Security Hot Topic

Security

All Classified