Tengo una aplicación de cliente Java y una aplicación de servidor Java, y estoy tratando de autenticar al servidor a través de Kerberos. El cliente básicamente usa componentes http y SPNEGO para hacer una llamada HTTP GET, pero siempre obtengo 401 Unauthorized
como resultado.Java La autenticación Kerberos parece funcionar, sigue siendo rechazada
no puedo detectar el error en la secuencia de inicio de sesión Kerberos a continuación, tal vez ustedes pueden:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
lse principal is null tryFirstPass is false useFirstPass is false storePass is f
alse clearPass is false
Kerberos-Benutzername [GP_Myuser]: [email protected]
Kerberos-Passwort f³r [email protected]:
[Krb5LoginModule] user entered username: [email protected]
LOCAL
default etypes for default_tkt_enctypes: 23.
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=144
>>> KrbKdcReq send: #bytes read=181
>>> KrbKdcReq send: #bytes read=181
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Tue Jul 05 16:28:31 CEST 2011 1309876111000
suSec is 250145
error code is 25
error Message is Additional pre-authentication required
realm is EESERV.LOCAL
sname is krbtgt/EESERV.LOCAL
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23
PA-ETYPE-INFO salt =
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23
PA-ETYPE-INFO2 salt = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
default etypes for default_tkt_enctypes: 23.
>>>KrbAsReq salt is EESERV.LOCALGP_Myuser
default etypes for default_tkt_enctypes: 23.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
retries =3, #bytes=222
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=222
>>> KrbKdcReq send: #bytes read=1450
>>> KrbKdcReq send: #bytes read=1450
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply GP_Myuser
default etypes for default_tkt_enctypes: 23.
principal is [email protected]
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 3D F9 1C A6 3B 94 7B 27 B3
6C D7 E5 70 77 84 22 =...;..'.l..pw."
Commit Succeeded
Found ticket for [email protected] to go to krbtgt/[email protected]
V.LOCAL expiring on Wed Jul 06 02:28:32 CEST 2011
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
retries =3, #bytes=1452
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt
=1, #bytes=1452
>>> KrbKdcReq send: #bytes read=1436
>>> KrbKdcReq send: #bytes read=1436
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 512880730
Created InitSecContextToken:
0000: 01 00 6E 82 05 51 30 82 05 4D A0 03 02 01 05 A1 ..n..Q0..M......
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 04 ......... ......
0020: 6E 61 82 04 6A 30 82 04 66 A0 03 02 01 05 A1 0E na..j0..f.......
0030: 1B 0C 45 45 53 45 52 56 2E 4C 4F 43 41 4C A2 24 ..EESERV.LOCAL.$
0040: 30 22 A0 03 02 01 00 A1 1B 30 19 1B 04 48 54 54 0".......0...HTT
0050: 50 1B 11 61 6C 66 2D 74 65 73 74 2E 65 6C 69 6E P..alf-test.server
0060: 2E 63 6F 6D A3 82 04 27 30 82 04 23 A0 03 02 01 .com...'0..#....
0070: 17 A1 03 02 01 03 A2 82 04 15 04 82 04 11 C2 1E ................
0080: 14 D0 18 19 AF 82 D3 92 7F 62 96 A9 92 F7 94 5B .........b.....[
0090: FF CA FE 66 2F C8 A9 C6 36 A2 2E FF EB FB CA 3D ...f/...6......=
00A0: 5D 5B 59 B5 0F E3 B7 B6 29 C2 62 A3 45 44 42 00 ][Y.....).b.EDB.
00B0: DA 14 3D 83 1E 50 3D AA A9 9F 0C A6 49 4E F3 51 ..=..P=.....IN.Q
00C0: 67 68 14 A4 D3 49 E6 6F 1C 2C 7D 04 7B F2 6E BD gh...I.o.,....n.
00D0: 23 07 DD CD 09 DC 89 62 73 0E 06 EE 68 28 39 A4 #......bs...h(9.
00E0: 22 3C 92 C0 22 C0 6B 0B 42 4B 95 B5 E5 AC 77 30 "<..".k.BK....w0
00F0: D8 75 A1 8D E8 FC A5 5A D6 1D A8 5B D4 15 82 C5 .u.....Z...[....
0100: AE 1E 36 48 72 01 9B 3C FA A9 60 20 1D 9A 84 20 ..6Hr..<..` ...
0110: 41 3F FA 71 A8 07 9C 50 73 FA 03 2B 8D 94 98 C8 A?.q...Ps..+....
0120: 57 A2 87 09 BF 87 26 62 2B 49 40 6A 67 C4 F1 00 W.....&[email protected]
0130: 66 55 D7 75 6D A6 2F 28 3C 68 86 1F 29 E1 7E 10 fU.um./(<h..)...
0140: CD 2B F0 78 A7 23 D9 18 8D 5D 98 F9 7D 00 11 78 .+.x.#...].....x
0150: 7B 5E D3 5E EA EE 74 82 B7 93 A4 DA 0E 3C 61 E6 .^.^..t......<a.
0160: B3 D5 5A F3 67 8C 03 4C 0E E6 42 96 8F E0 99 98 ..Z.g..L..B.....
0170: C2 A0 C6 D3 8F B4 A4 CA 99 C1 8A F0 6E 00 E0 BE ............n...
0180: 95 7F 1F F5 E7 15 3D 0F CD 22 51 D9 41 D0 5F 01 ......=.."Q.A._.
0190: 48 EB 47 64 B8 74 BC BE 76 0F AE 4B F4 E6 3A 1E H.Gd.t..v..K..:.
01A0: 2A 62 85 FA 7E 07 E7 8D 60 EC B9 23 10 E3 1B 1E *b......`..#....
01B0: C5 90 D2 25 BB C5 2C 05 A3 E2 39 D1 FF 70 CF E7 ...%..,...9..p..
01C0: D5 C6 13 E6 BC 60 55 89 C1 B9 FB 0F E4 5D E7 A5 .....`U......]..
01D0: 95 BA F9 70 EC 06 CB 62 E8 AD F3 29 BA 34 FF C2 ...p...b...).4..
01E0: 95 76 21 9B 0D 0B DE 66 05 0E EE 33 31 E7 BE 52 .v!....f...31..R
01F0: 64 DB 91 8B 55 96 5F E7 2D 2A EA E2 D3 BC 5F CD d...U._.-*...._.
0200: 46 E5 45 A1 07 68 28 BF 1D 32 7D 04 C0 60 97 78 F.E..h(..2...`.x
0210: 4F 8E 4C 92 2B F1 B2 C3 9B 04 D9 43 02 7F A5 27 O.L.+......C...'
0220: A4 8E 48 EE 5E A9 3B 7E 7F C0 54 0D A5 75 D2 B3 ..H.^.;...T..u..
0230: FC 72 3A 80 F4 9A F1 34 7C 51 54 13 F7 9E FE 79 .r:....4.QT....y
0240: 8F 15 5A A7 9E 47 9B 36 10 33 F3 08 EA F2 33 BB ..Z..G.6.3....3.
0250: 9F 45 61 ED 91 1F CF 30 05 76 C0 56 FB 38 51 25 .Ea....0.v.V.8Q%
0260: 27 1F 39 A5 C9 F9 0C D2 00 F2 6B E2 28 09 B2 30 '.9.......k.(..0
0270: A2 63 68 FE 46 A5 33 E0 60 BB B2 B5 DA 5A 78 2A .ch.F.3.`....Zx*
0280: 37 FE 16 0D 8E E6 97 52 47 28 B2 D0 92 DB F3 CD 7......RG(......
0290: 9A 5F 98 16 4E C9 96 2C 00 7C FE 96 B0 DE CD 6D ._..N..,.......m
02A0: 5A BC 13 1B E2 E7 F6 74 DE DC 2B B7 16 AB C0 0F Z......t..+.....
02B0: BA 4C 08 C3 4F 25 3C 1A 9A E5 36 32 8E D9 C7 10 .L..O%<...62....
02C0: 62 F2 13 BB 62 B4 C5 F2 9D 69 DB 6C 0C 37 E1 AF b...b....i.l.7..
02D0: F5 C6 D9 CD B5 F6 60 A2 93 DD 98 8C B2 59 C7 7A ......`......Y.z
02E0: 50 4D 27 7B CC DA C9 28 9D 05 9C E8 FC 57 F8 4A PM'....(.....W.J
02F0: 12 67 ED 7E 23 AB B5 FB 8A B7 CE 4D DA 1B 7F 1A .g..#......M....
0300: B3 6F DF 42 9F C4 90 C9 35 D9 77 33 CD 6C C5 B5 .o.B....5.w3.l..
0310: C2 A8 15 8C AE BD AE 5F 0A 0A AB 7C 8C F8 E2 9F ......._........
0320: 27 3C 27 85 B3 97 D9 9D DA 6E 56 25 3B BA D5 FB '<'......nV%;...
0330: AB 24 8B BE B7 26 12 7F B6 25 E5 26 DE 8D 54 AA .$...&...%.&..T.
0340: 0B 68 DB 4B 81 AD 9C FD 88 0F 7D 6A 97 79 E5 0F .h.K.......j.y..
0350: 5B 82 43 6F 05 AE C0 EB 77 A6 E3 39 BE 85 6E F0 [.Co....w..9..n.
0360: B5 F5 0B 13 E7 CC 7B 1E 81 4F 37 77 BB 02 26 C2 .........O7w..&.
0370: D7 2C 80 CD 62 91 A7 0C F8 D1 76 5C 21 39 A0 93 .,..b.....v\!9..
0380: 83 04 0A F7 1F C3 4B 0B 34 85 2D 90 75 4E FE 31 ......K.4.-.uN.1
0390: 61 BF D8 F3 36 B5 40 BA 06 F8 47 33 D4 DD EE 2A [email protected]*
03A0: 9C FB 5E 51 7A 25 F7 C1 3F 4D 58 73 F2 4A 50 EA ..^Qz%..?MXs.JP.
03B0: 68 09 27 85 F3 2E BB EA 8E B4 D3 7C DC 3B 52 71 h.'..........;Rq
03C0: 87 34 1B 6F 80 D1 D2 F1 7D C3 9E C4 C3 79 8A A7 .4.o.........y..
03D0: DA 0B A2 69 7C DE D5 67 C7 20 AD 97 A2 98 6A E3 ...i...g. ....j.
03E0: A3 59 BD D2 B6 19 18 1D AB A7 58 3A 56 16 ED 2A .Y........X:V..*
03F0: 75 73 4E DB 02 B5 77 4B F5 9D 1D A4 36 ED 39 26 usN...wK....6.9&
0400: B8 A4 CD 7C 79 5E 11 3C 36 9D DA DA E7 F5 D2 9F ....y^.<6.......
0410: BA 4B 45 E0 67 E5 4F 33 9E 0B 60 E6 76 EB 02 AC .KE.g.O3..`.v...
0420: CC 24 C4 EB 37 C4 31 B7 EA F3 EA 5B 39 D6 E3 0A .$..7.1....[9...
0430: DC F8 DE 8B 18 8C E0 25 5C 4B 85 38 B0 99 04 9C .......%\K.8....
0440: 61 75 17 E3 E6 0C 88 D9 7B C4 9A 2D 25 B3 C1 FE au.........-%...
0450: 9F FD 12 4F E0 DF CF E6 C1 BA 68 00 32 E8 1F 9A ...O......h.2...
0460: 2F 0E FB 44 59 53 8B 43 C5 B6 24 D3 76 B4 04 D2 /..DYS.C..$.v...
0470: 39 A9 21 41 EC A3 78 D1 9B 07 64 10 5B 64 EB 18 9.!A..x...d.[d..
0480: 08 5B 2C 45 90 53 C9 90 A0 4C 15 AF 8A D4 80 A4 .[,E.S...L......
0490: 81 C5 30 81 C2 A0 03 02 01 17 A2 81 BA 04 81 B7 ..0.............
04A0: CB D6 6F 4E E7 6C 78 93 EF 6D EA 0C C8 A9 6B 37 ..oN.lx..m....k7
04B0: EB 0E 9C C5 86 9E E6 BA 0D 88 26 BA FE A8 83 86 ..........&.....
04C0: D4 06 52 50 AF 48 BC 8F 66 08 F1 1E A4 97 5E 05 ..RP.H..f.....^.
04D0: 24 B4 DC 44 94 F3 5D 3D 07 17 10 33 15 D8 E0 0C $..D..]=...3....
04E0: E8 E8 0F 70 E6 23 B3 FF D5 23 63 02 A4 6B 86 C9 ...p.#...#c..k..
04F0: 88 96 FA 8B 02 3C E6 C6 19 7E 86 58 D5 07 80 8F .....<.....X....
0500: 21 10 7A F8 2D E2 C0 AE 33 19 A3 87 8F 18 03 A0 !.z.-...3.......
0510: 22 13 37 66 D5 CA 02 02 E9 51 87 D5 E5 7D 3E 84 ".7f.....Q....>.
0520: 6E 62 4A 0B 04 8D CF 79 07 DE 69 3B 49 95 B1 80 nbJ....y..i;I...
0530: F4 9A 86 62 8D BD F4 DA FB BC 69 97 9A 8D DE 92 ...b......i.....
0540: 0E 8A 65 E7 7C 62 E1 3D E6 93 AD 6F 0A 53 00 B0 ..e..b.=...o.S..
0550: 2F E7 09 A6 1B 01 72 /.....r
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when proces
sing request: The target server failed to respond
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: Retrying request
----------------------------------------
HTTP/1.1 401 Unauthorized
----------------------------------------
<html><head>
<meta http-equiv="Refresh" content="0; url=/share/page?pt=login">
</head><body><p>Please <a href="/share/page?pt=login">log in</a>.</p>
</body></html>
----------------------------------------
par de cosas. ¿Cuál es el SPN objetivo que ha proporcionado como argumento y qué Reino ha establecido en el web.xml del servlet requerido? Puede establecer JAAS Realm por ejemplo. –