Thanks for all the help guys, I managed to find the correct way to call kinit
for Java on windows :-
I get the following :-
C:\>java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit -
k -t c:\keytab\tomcat.keytab HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL tc01pas
s
>>>KinitOptions cache name is C:\Users\tc01.KERBTEST\krb5cc_tc01
Principal is HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>> Kinit using keytab
>>> Kinit keytab file name: c:\keytab\tomcat.keytab
Java config name: null
LSA: Found Ticket
LSA: Made NewWeakGlobalRef
LSA: Found PrincipalName
LSA: Made NewWeakGlobalRef
LSA: Found DerValue
LSA: Made NewWeakGlobalRef
LSA: Found EncryptionKey
LSA: Made NewWeakGlobalRef
LSA: Found TicketFlags
LSA: Made NewWeakGlobalRef
LSA: Found KerberosTime
LSA: Made NewWeakGlobalRef
LSA: Found String
LSA: Made NewWeakGlobalRef
LSA: Found DerValue constructor
LSA: Found Ticket constructor
LSA: Found PrincipalName constructor
LSA: Found EncryptionKey constructor
LSA: Found TicketFlags constructor
LSA: Found KerberosTime constructor
LSA: Finished OnLoad processing
Native config name: C:\Windows\krb5.ini
Loaded from native config
>>> Kinit realm name is KERBTEST.LOCAL
>>> Creating KrbAsReq
>>> KrbKdcReq local addresses for win-tc01 are:
win-tc01/192.168.0.3
IPv4 address
win-tc01/fe80:0:0:0:95f0:c1e4:a0f3:f45%3
IPv6 address
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): kerbtest.local
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>> KeyTab: load() entry length: 70; type: 1
>>> KeyTabInputStream, readName(): kerbtest.local
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>> KeyTab: load() entry length: 70; type: 3
>>> KeyTabInputStream, readName(): kerbtest.local
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>> KeyTab: load() entry length: 78; type: 23
>>> KeyTabInputStream, readName(): kerbtest.local
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>> KeyTab: load() entry length: 94; type: 18
>>> KeyTabInputStream, readName(): kerbtest.local
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>> KeyTab: load() entry length: 78; type: 17
Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Added key: 17version: 5
Added key: 18version: 5
Added key: 23version: 5
Found unsupported keytype (3) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Found unsupported keytype (1) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
default etypes for default_tkt_enctypes: 23 18 17.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000, number of
retries =3, #bytes=216
>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,Attempt
=1, #bytes=216
>>> KrbKdcReq send: #bytes read=213
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
ocal, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Wed Mar 25 21:09:04 GMT 2015 1427317744000
suSec is 382562
error code is 25
error Message is Additional pre-authentication required
sname is krbtgt/KERBTEST.LOCAL@KERBTEST.LOCAL
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
ocal, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
default etypes for default_tkt_enctypes: 23 18 17.
Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Added key: 17version: 5
Added key: 18version: 5
Added key: 23version: 5
Found unsupported keytype (3) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Found unsupported keytype (1) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Added key: 17version: 5
Added key: 18version: 5
Added key: 23version: 5
Found unsupported keytype (3) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
Found unsupported keytype (1) for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
default etypes for default_tkt_enctypes: 23 18 17.
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000, number of
retries =3, #bytes=305
>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,Attempt
=1, #bytes=305
>>> KrbKdcReq send: #bytes read=180
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
ocal, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Wed Mar 25 21:09:08 GMT 2015 1427317748000
suSec is 600802
error code is 24
error Message is Pre-authentication information was invalid
sname is krbtgt/KERBTEST.LOCAL@KERBTEST.LOCAL
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
ocal, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-auth
entication information was invalid
KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.send(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.action(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.<init>(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.main(Unknown Source)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.<init>(Unknown Source)
... 5 more
> Date: Wed, 25 Mar 2015 22:00:13 +0100
> From: a...@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> Felix Schumacher wrote:
>> Am 25.03.2015 um 20:19 schrieb André Warnier:
>>> David Marsh wrote:
>>>> Javas version of kinit seems to report issue ?
>>>>
>>>> C:\Program Files\Apache Software Foundation\Tomcat
>>>> 8.0\conf>"C:\Program Files\Ja
>>>> va\jdk1.8.0_40\bin\kinit" -t -k c:\keytab\tomcat.keytab
>>>> Exception: krb_error 0 Do not have keys of types listed in
>>>> default_tkt_enctypes
>>>> available; only have keys of following type: No error
>>>> KrbException: Do not have keys of types listed in
>>>> default_tkt_enctypes available
>>>> ; only have keys of following type:
>>>> at
>>>> sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
>>>> at
>>>> sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
>>>> at
>>>> sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
>>>> at
>>>> sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
>>>> at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
>>>> at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
>>>
>>> That seems to indicate that between the Java Kerberos module in
>>> Tomcat, and the KDC's Kerberos software, there is a mismatch in the
>>> types of keys used (type of encryption), so they do not understand
>>> eachother.
>>> This may be relevant : https://community.igniterealtime.org/thread/49913
>>>
>>> It is also a bit strange that it says :
>>> only have keys of following type:
>>> (with nothing behind the :.. )
>>>
>>> From what I keep browsing on the WWW, it also seems that the types of
>>> key encryptions that might match between Java Kerberos and Windows
>>> Kerberos, depend on the versions of both Java and Windows Server..
>>>
>> +1 (read your answer to late, I found the same link and posted it :)
>>> Man, this thing is really a nightmare, isn't it ?
>> I especially like the error messages.
>>
>
> Yes, and the thing is : there are a lot of pages on the www that describe the
> "correct"
> procedure, step by step, some even with screenshots etc..
> But they always leave something out, and you don't know what they left out..
>
>
>> Felix
>>>
>>>
>>>>
>>>> ----------------------------------------
>>>>> From: dmars...@outlook.com
>>>>> To: users@tomcat.apache.org
>>>>> Subject: RE: SPNEGO test configuration with Manager webapp
>>>>> Date: Wed, 25 Mar 2015 16:50:47 +0000
>>>>>
>>>>> Its possible I guess, although I would not expect that.
>>>>>
>>>>> The test is :-
>>>>>
>>>>> Client Test Windows 8.1 VM with Firefox -> Tomcat Server Windows 8.1 VM
>>>>>
>>>>> Firefox is not configured to use a proxy, its all in Vmware
>>>>> Workstation 10 using the Vmnet01 virtual network.
>>>>>
>>>>> Firefox has three 401 responses with headers "Authorization" and
>>>>> "WWW-Authenticate" :-
>>>>>
>>>>> 1 :- Reponse WWW-Authenticate: "Negotiate"
>>>>>
>>>>> 2 :- Request Authorization: "Negotiate
>>>>> YIIGUgYGKwYBBQUCoIIGRjCCBkKgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBgwEggYIYIIGBAYJKoZIhvcSAQICAQBuggXzMIIF76ADAgEFoQMCAQ6iBwMFACAAAACjggR6YYIEdjCCBHKgAwIBBaEQGw5LRVJCVEVTVC5MT0NBTKIqMCigAwIBAqEhMB8bBEhUVFAbF3dpbi10YzAxLmtlcmJ0ZXN0LmxvY2Fso4IEKzCCBCegAwIBF6EDAgEDooIEGQSCBBVToJwn2tPBboTTk5BBzJktj/GIuSekyM94atYd2nmQZr+LRVHUS1CD27iufu9aGtRLNT2YStbH3VgBpxcB0mEdOGcqfwif2htDkbFbSr6bmvZLz7PDMZv0mpUw2jcLnuVYpJjcw0fygonPpLYNTKnwrJJQA7eYMqY5DWI2ntF5RACw0qHJrXY2yFBQ3GOo8+1PHz9WcuxmTdUsLgx9QbFvEjTdksor5xvsInRNWOdjwgObnnhzGEF2RbAyD3HYanU4pdK9QL7HIEL5AI61czl2RfgVzDIGokBlW3k6R7jEp6jUBOwBjTnJC8gZthlAfTIqRlyZOntbFeHboeNY6YYtFukdewgBSuFKRTPd7wv4cvSBrF+FsvwIM0wiy2Kkp6fvyh3O/fHRXSR5AaJvnbIj+XtIUX86K5TGG0GmA9hnLjt4sacfxxz05aqlpQ1ttPBt67MEMECQiZZB4Ck1BsMpLSf22tCSVUwZEZF0MdtKiQTe7U0GDOEcm5oZfhpn8ecDkEosinyk10jGFK1cyr23TcwIlLH6yC0YaksB19EAADSF9dQKbftRUVcTjUgOdGcf7eEcUdNcmYw/ftHsanMwZEat5lznurgVFDwa6rjxVoc+X/C6Dwl+ME/yEClpwn6bxxD
>>>>>
>>>>>
>>> yCssxUgYsiRfWJGCr6EEPdWB5omQUf1o9ArvEbgtyS4kkHGLa3X5FeXctRwi2Yj/uLYnEOZHfkcoKk31FvdhSr92Kry4926hlS9ao4nyGS7ZVnvr1n8r5V6+D6UbYhUQgBvEaERgc8T822kiij1N/szQePAze4YWWTA0djryRSB0qqMGgBdtzg76+whlvjOkG0J4MjUbFy1iLvfOkIWXgHRChGeMCrphv64NmfgHQmOiYPdqtTgYlAvyW9riL1kci7Xz+D1XwfxJpdimsakfyRqpjIEkgU+QEN+aL8/1X8lRTu8uTepXVReBlSx2Am+DFgesBlkjWuYmIuj84mUH0Lcc7yHytOyfO5OJ4mI5O5YNkl167xMcI9akaH7LtS+c1OnfHwtlJsatLnOyLYwYP9KWpkh0i2d4DNV0EYs3B68UbsY3f4+bZcHW9SQ/PthGjzk5FTdOKh5dD0BLf1ADl+Rp5hegl0iGS6cVpZFnu8n3wPd2eenwQn0EDvyx3nuMyeETqqXEuLjTbqbMpzIxSxFl5s/1Nwaf4Up0a8wcEDNj3acnHicis8ELEORo+wtJnd0wyMIpfC+tFRsewhEHDttjWnqxkHbfpbOnChZkLOL04YoflhHK3ZrsBXk0Yu0udKIZBoJ7Pf5qiOdE36lEjAkWLB/2wVD+zvxfIKd7r9FSxAfYz0UsVYVyBX0RtF5GCpTPqLAk9ImL4xxpkijpUUwjlM9WylH8jafaHGwfmpUM9pIIBWjCCAVagAwIBF6KCAU0EggFJv04NvH3OA0+sXGdCWanthHZBM9DIq0AknWszbwm9z+7da/DThLEAnnozvO84tK/DD7fC/AnSWKXnqchILMdjPnZA5Bg3yjS4Y1rJFawc9fDNUmTCn4ILjjl6SSETMbJSFjzarv4wEfy5VU16DNBzWUxEJNH8PvsXTTfdzcwdsYnFwHGZbrcNxaJUtp3xpyoG/1EAgNk9i1UtewL1b
> HVkm
>>>
>>> muJXUXXetL7v4RzMuVD5q68q8nWDB1toKgcEjHEgEHWjODwSD/zoYwZrn1nCtnRm8aN9xKr097iK5K8ZUJKxWr4SlmAI6tZSyaVJGWJSzRvb47SZ9TVfk6Xft+vV+pVjxXdNAKIqHqA4tUfPCKgWff6iGmQI4fnJG5yYyyNFXOajz0qMYpfnbNLjc+nhsxjOUvZKOT4xTvhuOTCmdtabMybTVx4uNJEQ/4="
>>>
>>>
>>>>>
>>>>> Response WWW-Authenticate: Negotiate oRQwEqADCgEBoQsGCSqGSIb3EgECAg==
>>>>>
>>>>> 3 :- Request Authorization: "Negotiate
>>>>> oYIGGTCCBhWgAwoBAaKCBgwEggYIYIIGBAYJKoZIhvcSAQICAQBuggXzMIIF76ADAgEFoQMCAQ6iBwMFACAAAACjggR6YYIEdjCCBHKgAwIBBaEQGw5LRVJCVEVTVC5MT0NBTKIqMCigAwIBAqEhMB8bBEhUVFAbF3dpbi10YzAxLmtlcmJ0ZXN0LmxvY2Fso4IEKzCCBCegAwIBF6EDAgEDooIEGQSCBBVToJwn2tPBboTTk5BBzJktj/GIuSekyM94atYd2nmQZr+LRVHUS1CD27iufu9aGtRLNT2YStbH3VgBpxcB0mEdOGcqfwif2htDkbFbSr6bmvZLz7PDMZv0mpUw2jcLnuVYpJjcw0fygonPpLYNTKnwrJJQA7eYMqY5DWI2ntF5RACw0qHJrXY2yFBQ3GOo8+1PHz9WcuxmTdUsLgx9QbFvEjTdksor5xvsInRNWOdjwgObnnhzGEF2RbAyD3HYanU4pdK9QL7HIEL5AI61czl2RfgVzDIGokBlW3k6R7jEp6jUBOwBjTnJC8gZthlAfTIqRlyZOntbFeHboeNY6YYtFukdewgBSuFKRTPd7wv4cvSBrF+FsvwIM0wiy2Kkp6fvyh3O/fHRXSR5AaJvnbIj+XtIUX86K5TGG0GmA9hnLjt4sacfxxz05aqlpQ1ttPBt67MEMECQiZZB4Ck1BsMpLSf22tCSVUwZEZF0MdtKiQTe7U0GDOEcm5oZfhpn8ecDkEosinyk10jGFK1cyr23TcwIlLH6yC0YaksB19EAADSF9dQKbftRUVcTjUgOdGcf7eEcUdNcmYw/ftHsanMwZEat5lznurgVFDwa6rjxVoc+X/C6Dwl+ME/yEClpwn6bxxDyCssxUgYsiRfWJGCr6EEPdWB5omQUf1o9ArvEbgtyS4kkHGLa3X5FeXctRwi2Yj/uLYnEOZHfkco
>>>>>
>>>>>
>>> Kk31FvdhSr92Kry4926hlS9ao4nyGS7ZVnvr1n8r5V6+D6UbYhUQgBvEaERgc8T822kiij1N/szQePAze4YWWTA0djryRSB0qqMGgBdtzg76+whlvjOkG0J4MjUbFy1iLvfOkIWXgHRChGeMCrphv64NmfgHQmOiYPdqtTgYlAvyW9riL1kci7Xz+D1XwfxJpdimsakfyRqpjIEkgU+QEN+aL8/1X8lRTu8uTepXVReBlSx2Am+DFgesBlkjWuYmIuj84mUH0Lcc7yHytOyfO5OJ4mI5O5YNkl167xMcI9akaH7LtS+c1OnfHwtlJsatLnOyLYwYP9KWpkh0i2d4DNV0EYs3B68UbsY3f4+bZcHW9SQ/PthGjzk5FTdOKh5dD0BLf1ADl+Rp5hegl0iGS6cVpZFnu8n3wPd2eenwQn0EDvyx3nuMyeETqqXEuLjTbqbMpzIxSxFl5s/1Nwaf4Up0a8wcEDNj3acnHicis8ELEORo+wtJnd0wyMIpfC+tFRsewhEHDttjWnqxkHbfpbOnChZkLOL04YoflhHK3ZrsBXk0Yu0udKIZBoJ7Pf5qiOdE36lEjAkWLB/2wVD+zvxfIKd7r9FSxAfYz0UsVYVyBX0RtF5GCpTPqLAk9ImL4xxpkijpUUwjlM9WylH8jafaHGwfmpUM9pIIBWjCCAVagAwIBF6KCAU0EggFJxK5PpTX/g5phbQ2bv8XrnUCfC+cfDkPjAOnpnsiX7fRtA7k5qaEtUI/9KlqcAbV0jG3nQolKK5zEL6ftBXPW3FgZRRGmiYMQVpjBtIKapE1A+V/dveIrnnkxuuRmWrIJFYagOijzyilZj6cIIJqtmqI+QE4vKGIQl6lMwcgao9ZNZ2t2vLI5cD/BSjkFNbmgqLAuDZW357KVd5uoUJbHDpQHGWKw4A4x9vpvv+NUv1IrUaBe19PDQup/SILLHlUA8zr/OsHMytfPpVSv99fLBY7mcr0zw
> m+qh
>>>
>>> PF9Pos+Ch8y4hkocVOMXKEOcF+AKbxrzYhOydMFqanW6vNYQqB7Azz3GtP0YkFhU38JBG9UeKinEw2KT1Ii2pjCmTlF3/Q7gG2uqw6T5DR452ffxipG4yvXMCebDCnetitAbeIPXFJv1hdaJuMCO2E="
>>>
>>>
>>>>>
>>>>> Reponse WWW-Authenticate: "Negotiate"
>>>>>
>>>>> I'm not sure how long they should be, but they all end "=" so expect
>>>>> not truncated ?
>>>>>
>>>>> ----------------------------------------
>>>>>> Subject: RE: SPNEGO test configuration with Manager webapp
>>>>>> From: felix.schumac...@internetallee.de
>>>>>> Date: Wed, 25 Mar 2015 17:31:51 +0100
>>>>>> To: users@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 25. März 2015 17:25:25 MEZ, schrieb David Marsh
>>>>>> <dmars...@outlook.com>:
>>>>>>> This is how the keytab was created :-
>>>>>>>
>>>>>>> ktpass -ptype KRB5_NT_PRINCIPAL /out c:\tomcat.keytab /mapuser
>>>>>>> tc01@KERBTEST.LOCAL /princ
>>>>>>> HTTP/win-tc01.kerbtest.local@kerbtest.local
>>>>>>> /pass tc01pass
>>>>>>>
>>>>>>> The password is the correct password for the user tc01 associated
>>>>>>> with
>>>>>>> the SPN HTTP/win-tc01.kerbtest.local@kerbtest.local
>>>>>>>
>>>>>>> I managed to turn on some more logging around JAAS, see the error
>>>>>>> :- java.security.PrivilegedActionException: GSSException: Defective
>>>>>>> token detected
>>>>>> Do you talk directly to Tomcat, or is there any kind of proxy in
>>>>>> between?
>>>>>> Could the header be truncated?
>>>>>>
>>>>>> Felix
>>>>>>> 25-Mar-2015 15:46:22.131 INFO [main]
>>>>>>> org.apache.catalina.core.StandardService.startInternal Starting
>>>>>>> service Catalina
>>>>>>> 25-Mar-2015 15:46:22.133 INFO [main]
>>>>>>> org.apache.catalina.core.StandardEngine.startInternal Starting
>>>>>>> Servlet Engine: Apache Tomcat/8.0.20
>>>>>>> 25-Mar-2015 15:46:22.257 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deploying web application directory C:\Program Files\Apache
>>>>>>> Software Foundation\Tomcat 8.0\
>>>>>>> webapps\docs
>>>>>>> 25-Mar-2015 15:46:22.637 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deployment of web application directory C:\Program
>>>>>>> Files\Apache Software Foundation\Tomcat
>>>>>>> 8.0\webapps\docs has finished in 380 ms
>>>>>>> 25-Mar-2015 15:46:22.639 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deploying web application directory C:\Program Files\Apache
>>>>>>> Software Foundation\Tomcat 8.0\
>>>>>>> webapps\manager
>>>>>>> 25-Mar-2015 15:46:22.710 FINE [localhost-startStop-1]
>>>>>>> org.apache.catalina.authenticator.Authenticato
>>>>>>> rBase.startInternal No SingleSignOn Valve is present
>>>>>>> 25-Mar-2015 15:46:22.733 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deployment of web application directory C:\Program
>>>>>>> Files\Apache Software Foundation\Tomcat
>>>>>>> 8.0\webapps\manager has finished in 93 ms
>>>>>>> 25-Mar-2015 15:46:22.734 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deploying web application directory C:\Program Files\Apache
>>>>>>> Software Foundation\Tomcat 8.0\
>>>>>>> webapps\ROOT
>>>>>>> 25-Mar-2015 15:46:22.793 INFO [localhost-startStop-1]
>>>>>>> org.apache.catalina.startup.HostConfig.deployD
>>>>>>> irectory Deployment of web application directory C:\Program
>>>>>>> Files\Apache Software Foundation\Tomcat
>>>>>>> 8.0\webapps\ROOT has finished in 59 ms
>>>>>>> 25-Mar-2015 15:46:22.797 INFO [main]
>>>>>>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandl
>>>>>>> er ["http-nio-80"]
>>>>>>> 25-Mar-2015 15:46:22.806 INFO [main]
>>>>>>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandl
>>>>>>> er ["ajp-nio-8009"]
>>>>>>> 25-Mar-2015 15:46:22.808 INFO [main]
>>>>>>> org.apache.catalina.startup.Catalina.start Server startup in 72
>>>>>>> 1 ms
>>>>>>> 25-Mar-2015 15:46:28.280 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Security checking request GET /manager/html
>>>>>>> 25-Mar-2015 15:46:28.284 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.286 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:28.287 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.288 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:28.290 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.291 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:28.291 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.293 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:28.296 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling hasUserDataPermission()
>>>>>>> 25-Mar-2015 15:46:28.299 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.realm.RealmBase.hasUserDataPe
>>>>>>> rmission User data constraint has no restrictions
>>>>>>> 25-Mar-2015 15:46:28.302 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling authenticate()
>>>>>>> 25-Mar-2015 15:46:28.304 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.authenticator.SpnegoAuthentic
>>>>>>> ator.authenticate No authorization header sent by client
>>>>>>> 25-Mar-2015 15:46:28.305 FINE [http-nio-80-exec-1]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Failed authenticate() test
>>>>>>> 25-Mar-2015 15:46:28.417 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Security checking request GET /manager/html
>>>>>>> 25-Mar-2015 15:46:28.420 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.422 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:28.424 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.425 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:28.427 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.428 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:28.429 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:28.442 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:28.444 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling hasUserDataPermission()
>>>>>>> 25-Mar-2015 15:46:28.445 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.realm.RealmBase.hasUserDataPe
>>>>>>> rmission User data constraint has no restrictions
>>>>>>> 25-Mar-2015 15:46:28.445 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling authenticate()
>>>>>>> Debug is true storeKey true useTicketCache false useKeyTab true
>>>>>>> doNotPrompt true ticketCache is nul
>>>>>>> l isInitiator true KeyTab is C:/keytab/tomcat.keytab
>>>>>>> refreshKrb5Config
>>>>>>> is false principal is HTTP/wi
>>>>>>> n-tc01.kerbtest.local@KERBTEST.LOCAL tryFirstPass is false
>>>>>>> useFirstPass
>>>>>>> is false storePass is false
>>>>>>> clearPass is false
>>>>>>>>>> KeyTabInputStream, readName(): kerbtest.local
>>>>>>>>>> KeyTabInputStream, readName(): HTTP
>>>>>>>>>> KeyTabInputStream, readName(): win-tc01.kerbtest.local
>>>>>>>>>> KeyTab: load() entry length: 78; type: 23
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Java config name: C:\Program Files\Apache Software Foundation\Tomcat
>>>>>>> 8.0\conf\krb5.ini
>>>>>>> Loaded from Java config
>>>>>>> Added key: 23version: 3
>>>>>>>>>> KdcAccessibility: reset
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>>>>> KrbAsReq creating message
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 164
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=164
>>>>>>>>>> KrbKdcReq send: #bytes read=185
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 11
>>>>>>> PA-ETYPE-INFO etype = 23, salt =
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 19
>>>>>>> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 2
>>>>>>> PA-ENC-TIMESTAMP
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 16
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 15
>>>>>>>
>>>>>>>>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>>>>>>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>>>>>>>> KRBError:
>>>>>>> sTime is Wed Mar 25 15:46:28 GMT 2015 1427298388000
>>>>>>> suSec is 701709
>>>>>>> error code is 25
>>>>>>> error Message is Additional pre-authentication required
>>>>>>> sname is krbtgt/KERBTEST.LOCAL@KERBTEST.LOCAL
>>>>>>> eData provided.
>>>>>>> msgType is 30
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 11
>>>>>>> PA-ETYPE-INFO etype = 23, salt =
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 19
>>>>>>> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 2
>>>>>>> PA-ENC-TIMESTAMP
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 16
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 15
>>>>>>>
>>>>>>> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>>>>>>>> KrbAsReq creating message
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 247
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=247
>>>>>>>>>> KrbKdcReq send: #bytes read=100
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local TCP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 247
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local TCP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=247
>>>>>>>>>> DEBUG: TCPClient reading 1475 bytes
>>>>>>>>>> KrbKdcReq send: #bytes read=1475
>>>>>>>>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>>>>>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/win-tc01.kerbtest.local
>>>>>>> principal is HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Will use keytab
>>>>>>> Commit Succeeded
>>>>>>>
>>>>>>> Search Subject for SPNEGO ACCEPT cred (<<DEF>>,
>>>>>>> sun.security.jgss.spnego.SpNegoCredElement)
>>>>>>> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>,
>>>>>>> sun.security.jgss.krb5.Krb5AcceptCredential)
>>>>>>> Found KeyTab C:\keytab\tomcat.keytab for
>>>>>>> HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Found KeyTab C:\keytab\tomcat.keytab for
>>>>>>> HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Found ticket for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL to go to
>>>>>>> krbtgt/KERBTEST.LOCAL@KERBTEST
>>>>>>> .LOCAL expiring on Thu Mar 26 01:46:28 GMT 2015
>>>>>>> [Krb5LoginModule]: Entering logout
>>>>>>> [Krb5LoginModule]: logged out Subject
>>>>>>> 25-Mar-2015 15:46:28.995 FINE [http-nio-80-exec-2]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Failed authenticate() test
>>>>>>> 25-Mar-2015 15:46:29.010 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Security checking request GET /manager/html
>>>>>>> 25-Mar-2015 15:46:29.013 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:29.014 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:29.015 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:29.016 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:29.017 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Status interface]'
>>>>>>> against GET /html --> false
>>>>>>> 25-Mar-2015 15:46:29.018 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[JMX Proxy
>>>>>>> interface]' against GET /html --> fal
>>>>>>> se
>>>>>>> 25-Mar-2015 15:46:29.019 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[Text Manager
>>>>>>> interface (for scripts)]' against
>>>>>>> GET /html --> false
>>>>>>> 25-Mar-2015 15:46:29.021 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.findSecurityC
>>>>>>> onstraints Checking constraint 'SecurityConstraint[HTML Manager
>>>>>>> interface (for humans)]' against G
>>>>>>> ET /html --> true
>>>>>>> 25-Mar-2015 15:46:29.022 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling hasUserDataPermission()
>>>>>>> 25-Mar-2015 15:46:29.023 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.realm.RealmBase.hasUserDataPe
>>>>>>> rmission User data constraint has no restrictions
>>>>>>> 25-Mar-2015 15:46:29.024 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Calling authenticate()
>>>>>>> Debug is true storeKey true useTicketCache false useKeyTab true
>>>>>>> doNotPrompt true ticketCache is nul
>>>>>>> l isInitiator true KeyTab is C:/keytab/tomcat.keytab
>>>>>>> refreshKrb5Config
>>>>>>> is false principal is HTTP/wi
>>>>>>> n-tc01.kerbtest.local@KERBTEST.LOCAL tryFirstPass is false
>>>>>>> useFirstPass
>>>>>>> is false storePass is false
>>>>>>> clearPass is false
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>>>>> KrbAsReq creating message
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 164
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=164
>>>>>>>>>> KrbKdcReq send: #bytes read=185
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 11
>>>>>>> PA-ETYPE-INFO etype = 23, salt =
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 19
>>>>>>> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 2
>>>>>>> PA-ENC-TIMESTAMP
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 16
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 15
>>>>>>>
>>>>>>>>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>>>>>>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>>>>>>>> KRBError:
>>>>>>> sTime is Wed Mar 25 15:46:29 GMT 2015 1427298389000
>>>>>>> suSec is 935731
>>>>>>> error code is 25
>>>>>>> error Message is Additional pre-authentication required
>>>>>>> sname is krbtgt/KERBTEST.LOCAL@KERBTEST.LOCAL
>>>>>>> eData provided.
>>>>>>> msgType is 30
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 11
>>>>>>> PA-ETYPE-INFO etype = 23, salt =
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 19
>>>>>>> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 2
>>>>>>> PA-ENC-TIMESTAMP
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 16
>>>>>>>
>>>>>>>>>> Pre-Authentication Data:
>>>>>>> PA-DATA type = 15
>>>>>>>
>>>>>>> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>> default etypes for default_tkt_enctypes: 23 18 17.
>>>>>>>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>>>>>>>> KrbAsReq creating message
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local UDP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 247
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local UDP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=247
>>>>>>>>>> KrbKdcReq send: #bytes read=100
>>>>>>>>>> KrbKdcReq send: kdc=win-dc01.kerbtest.local TCP:88, timeout=30000,
>>>>>>> number of retries =3, #bytes=
>>>>>>> 247
>>>>>>>>>> KDCCommunication: kdc=win-dc01.kerbtest.local TCP:88,
>>>>>>> timeout=30000,Attempt =1, #bytes=247
>>>>>>>>>> DEBUG: TCPClient reading 1475 bytes
>>>>>>>>>> KrbKdcReq send: #bytes read=1475
>>>>>>>>>> KdcAccessibility: remove win-dc01.kerbtest.local:88
>>>>>>> Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Added key: 23version: 3
>>>>>>>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>>>>>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/win-tc01.kerbtest.local
>>>>>>> principal is HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Will use keytab
>>>>>>> Commit Succeeded
>>>>>>>
>>>>>>> Search Subject for SPNEGO ACCEPT cred (<<DEF>>,
>>>>>>> sun.security.jgss.spnego.SpNegoCredElement)
>>>>>>> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>,
>>>>>>> sun.security.jgss.krb5.Krb5AcceptCredential)
>>>>>>> Found KeyTab C:\keytab\tomcat.keytab for
>>>>>>> HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Found KeyTab C:\keytab\tomcat.keytab for
>>>>>>> HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
>>>>>>> Found ticket for HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL to go to
>>>>>>> krbtgt/KERBTEST.LOCAL@KERBTEST
>>>>>>> .LOCAL expiring on Thu Mar 26 01:46:29 GMT 2015
>>>>>>> 25-Mar-2015 15:46:29.086 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.authenticator.SpnegoAuthentic
>>>>>>> ator.authenticate Unable to login as the service principal
>>>>>>> java.security.PrivilegedActionException: GSSException: Defective
>>>>>>> token
>>>>>>> detected (Mechanism level: G
>>>>>>> SSHeader did not find the right tag)
>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>> at javax.security.auth.Subject.doAs(Subject.java:422)
>>>>>>> at
>>>>>>> org.apache.catalina.authenticator.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.ja
>>>>>>>
>>>>>>>
>>>>>>> va:243)
>>>>>>> at
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:108
>>>>>>>
>>>>>>>
>>>>>>> 6)
>>>>>>> at
>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.jav
>>>>>>>
>>>>>>>
>>>>>>> a:659)
>>>>>>> at
>>>>>>> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProto
>>>>>>>
>>>>>>>
>>>>>>> col.java:223)
>>>>>>> at
>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>
>>>>>>>
>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>> Caused by: GSSException: Defective token detected (Mechanism level:
>>>>>>> GSSHeader did not find the right
>>>>>>> tag)
>>>>>>> at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97)
>>>>>>> at
>>>>>>> sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
>>>>>>>
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.catalina.authenticator.SpnegoAuthenticator$AcceptAction.run(SpnegoAuthenticato
>>>>>>>
>>>>>>>
>>>>>>> r.java:336)
>>>>>>> at
>>>>>>> org.apache.catalina.authenticator.SpnegoAuthenticator$AcceptAction.run(SpnegoAuthenticato
>>>>>>>
>>>>>>>
>>>>>>> r.java:323)
>>>>>>> ... 18 more
>>>>>>>
>>>>>>> [Krb5LoginModule]: Entering logout
>>>>>>> [Krb5LoginModule]: logged out Subject
>>>>>>> 25-Mar-2015 15:46:29.108 FINE [http-nio-80-exec-3]
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBa
>>>>>>> se.invoke Failed authenticate() test
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Date: Wed, 25 Mar 2015 16:48:10 +0100
>>>>>>>> From: felix.schumac...@internetallee.de
>>>>>>>> To: users@tomcat.apache.org
>>>>>>>> Subject: RE: SPNEGO test configuration with Manager webapp
>>>>>>>>
>>>>>>>> Am 25.03.2015 16:09, schrieb David Marsh:
>>>>>>>>> Put keytab in c:\keytab\tomcat.keytab, ensured owner was
>>>>>>>>> tc01@KERTEST.LOCAL, still same symptoms.
>>>>>>>>>
>>>>>>>>> Ran klist on client after firefox test and the three 401 responses.
>>>>>>> :-
>>>>>>>>> C:\Users\test.KERBTEST.000>klist
>>>>>>>>>
>>>>>>>>> Current LogonId is 0:0x2fd7a
>>>>>>>>>
>>>>>>>>> Cached Tickets: (2)
>>>>>>>>>
>>>>>>>>> #0> Client: test @ KERBTEST.LOCAL
>>>>>>>>> Server: krbtgt/KERBTEST.LOCAL @ KERBTEST.LOCAL
>>>>>>>>> KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
>>>>>>>>> Ticket Flags 0x40e10000 -> forwardable renewable initial
>>>>>>>>> pre_authent nam
>>>>>>>>> e_canonicalize
>>>>>>>>> Start Time: 3/25/2015 14:46:43 (local)
>>>>>>>>> End Time: 3/26/2015 0:46:43 (local)
>>>>>>>>> Renew Time: 4/1/2015 14:46:43 (local)
>>>>>>>>> Session Key Type: AES-256-CTS-HMAC-SHA1-96
>>>>>>>>> Cache Flags: 0x1 -> PRIMARY
>>>>>>>>> Kdc Called: 192.168.0.200
>>>>>>>>>
>>>>>>>>> #1> Client: test @ KERBTEST.LOCAL
>>>>>>>>> Server: HTTP/win-tc01.kerbtest.local @ KERBTEST.LOCAL
>>>>>>>>> KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
>>>>>>>>> Ticket Flags 0x40a10000 -> forwardable renewable pre_authent
>>>>>>>>> name_canoni
>>>>>>>>> calize
>>>>>>>>> Start Time: 3/25/2015 14:51:21 (local)
>>>>>>>>> End Time: 3/26/2015 0:46:43 (local)
>>>>>>>>> Renew Time: 4/1/2015 14:46:43 (local)
>>>>>>>>> Session Key Type: RSADSI RC4-HMAC(NT)
>>>>>>>>> Cache Flags: 0
>>>>>>>>> Kdc Called: 192.168.0.200
>>>>>>>>>
>>>>>>>>> Looks like I was granted a ticket for the SPN
>>>>>>>>> HTTP/win-tc01.kerbtest.local @ KERBTEST.LOCAL ?
>>>>>>>>>
>>>>>>>>> If I have ticket why do I get 401 ?
>>>>>>>> Your client has got a service ticket for HTTP/win-tc01... This is
>>>>>>> used
>>>>>>>> by firefox for authentication. Firefox transmits
>>>>>>>> this service ticket to the server (as base64 encoded in the
>>>>>>>> WWW-Authenticate header).
>>>>>>>>
>>>>>>>> Your server has to decrypt this ticket using its own ticket to
>>>>>>>> get at
>>>>>>>> the user information. This is where your problems arise.
>>>>>>>> It looks like your server has trouble to get its own ticket.
>>>>>>>>
>>>>>>>> Are you sure, that the password you used for keytab generation (on
>>>>>>> the
>>>>>>>> server side), is correct? ktpass will probably accept
>>>>>>>> any input as a password. Maybe you can check the keytab by using
>>>>>>> kinit
>>>>>>>> (though I don't know, if it exists for windows, or how
>>>>>>>> the java one is used).
>>>>>>>>
>>>>>>>> Felix
>>>>>>>>
>>>>>>>>> ----------------------------------------
>>>>>>>>>> Date: Tue, 24 Mar 2015 22:46:15 +0000
>>>>>>>>>> From: ma...@apache.org
>>>>>>>>>> To: users@tomcat.apache.org
>>>>>>>>>> Subject: Re: SPNEGO test configuration with Manager webapp
>>>>>>>>>>
>>>>>>>>>> On 24/03/2015 20:47, David Marsh wrote:
>>>>>>>>>>> Hi Felix,
>>>>>>>>>>> Thanks fort your help!
>>>>>>>>>>> I have enabled krb5 and gss debug.I altered CATALINA_OPTS in
>>>>>>>>>>> startup.bat and also added the same definitions to the Java
>>>>>>>>>>> parameters in Configure Tomcat tool.I definitely got more
>>>>>>> information
>>>>>>>>>>> when using startup.bat, not sure the settings get picked up by
>>>>>>>>>>> the
>>>>>>>>>>> windows service ?
>>>>>>>>>>> I do not think authentication completes, certainly authorization
>>>>>>> does
>>>>>>>>>>> not as I cant see the site and get 401 http status.
>>>>>>>>>>> I have not configured a tomcat realm but I have put the test user
>>>>>>> a
>>>>>>>>>>> manager-gui group in Active Directory.
>>>>>>>>>> I've only given your config a quick scan, but the thing that jumps
>>>>>>> out
>>>>>>>>>> at me is spaces in the some of the paths. I'm not sure how well
>>>>>>>>>> krb5.ini
>>>>>>>>>> will handle those. It might be fine. It might not be.
>>>>>>>>>>
>>>>>>>>>> Mark
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> David
>>>>>>>>>>>> Date: Tue, 24 Mar 2015 21:39:38 +0100
>>>>>>>>>>>> From: felix.schumac...@internetallee.de
>>>>>>>>>>>> To: users@tomcat.apache.org
>>>>>>>>>>>> Subject: Re: SPNEGO test configuration with Manager webapp
>>>>>>>>>>>>
>>>>>>>>>>>> Am 24.03.2015 um 21:25 schrieb David Marsh:
>>>>>>>>>>>>> Everything is as described and still not working, except the
>>>>>>>>>>>>> jaas.conf is :-
>>>>>>>>>>>>>
>>>>>>>>>>>>> com.sun.security.jgss.krb5.initiate {
>>>>>>>>>>>>> com.sun.security.auth.module.Krb5LoginModule required
>>>>>>>>>>>>> doNotPrompt=true
>>>>>>>>>>>>> principal="HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL"
>>>>>>>>>>>>> useKeyTab=true
>>>>>>>>>>>>> keyTab="C:/Program Files/Apache Software Foundation/Tomcat
>>>>>>>>>>>>> 8.0/conf/tomcat.keytab"
>>>>>>>>>>>>> storeKey=true;
>>>>>>>>>>>>> };
>>>>>>>>>>>>>
>>>>>>>>>>>>> com.sun.security.jgss.krb5.accept {
>>>>>>>>>>>>> com.sun.security.auth.module.Krb5LoginModule required
>>>>>>>>>>>>> doNotPrompt=true
>>>>>>>>>>>>> principal="HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL"
>>>>>>>>>>>>> useKeyTab=true
>>>>>>>>>>>>> keyTab="C:/Program Files/Apache Software Foundation/Tomcat
>>>>>>>>>>>>> 8.0/conf/tomcat.keytab"
>>>>>>>>>>>>> storeKey=true;
>>>>>>>>>>>>> };
>>>>>>>>>>>>>
>>>>>>>>>>>>> In other words the principal is the tomcat server as it should
>>>>>>> be.
>>>>>>>>>>>>>> Date: Tue, 24 Mar 2015 21:17:59 +0100
>>>>>>>>>>>>>> From: felix.schumac...@internetallee.de
>>>>>>>>>>>>>> To: users@tomcat.apache.org
>>>>>>>>>>>>>> Subject: Re: SPNEGO test configuration with Manager webapp
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Am 24.03.2015 um 21:05 schrieb David Marsh:
>>>>>>>>>>>>>>> Sorry thats :-
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> principal="HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL"
>>>>>>>>>>>>>>> under jaas.conf, it is set to the tomcat server DNS.
>>>>>>>>>>>>>> Is it working with this configuration, or just to point out,
>>>>>>> that
>>>>>>>>>>>>>> you
>>>>>>>>>>>>>> copied the wrong jaas.conf for the mail?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Felix
>>>>>>>>>>>>>>> ----------------------------------------
>>>>>>>>>>>>>>>> From: dmars...@outlook.com
>>>>>>>>>>>>>>>> To: users@tomcat.apache.org
>>>>>>>>>>>>>>>> Subject: SPNEGO test configuration with Manager webapp
>>>>>>>>>>>>>>>> Date: Tue, 24 Mar 2015 20:02:04 +0000
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I'm trying to get SPNEGO authentication working with Tomcat
>>>>>>> 8.
>>>>>>>>>>>>>>>> I've created three Windows VMs :-
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Tomcat Server - Windows 8.1 32 bit VM
>>>>>>>>>>>>>>>> Test Client - Windows 8.1 32 bit VM
>>>>>>>>>>>>>>>> Domain Controller - Windows Server 2012 R2 64 bit VM
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The Tomcat Server and the Test Client are joined to the same
>>>>>>>>>>>>>>>> domain kerbtest.local, they are logged in with domain
>>>>>>>>>>>>>>>> logins.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The firewall is disabled on the Tomcat Server VM.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I've followed the guidelines on the Apache Tomcat website.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> jaas.conf
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> com.sun.security.jgss.krb5.initiate {
>>>>>>>>>>>>>>>> com.sun.security.auth.module.Krb5LoginModule required
>>>>>>>>>>>>>>>> doNotPrompt=true
>>>>>>>>>>>>>>>> principal="HTTP/win-dc01.kerbtest.local@KERBTEST.LOCAL"
>>>>>>>>>>>>>>>> useKeyTab=true
>>>>>>>>>>>>>>>> keyTab="C:/Program Files/Apache Software Foundation/Tomcat
>>>>>>>>>>>>>>>> 8.0/conf/tomcat.keytab"
>>>>>>>>>>>>>>>> storeKey=true;
>>>>>>>>>>>>>>>> };
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> com.sun.security.jgss.krb5.accept {
>>>>>>>>>>>>>>>> com.sun.security.auth.module.Krb5LoginModule required
>>>>>>>>>>>>>>>> doNotPrompt=true
>>>>>>>>>>>>>>>> principal="HTTP/win-dc01.kerbtest.local@KERBTEST.LOCAL"
>>>>>>>>>>>>>>>> useKeyTab=true
>>>>>>>>>>>>>>>> keyTab="C:/Program Files/Apache Software Foundation/Tomcat
>>>>>>>>>>>>>>>> 8.0/conf/tomcat.keytab"
>>>>>>>>>>>>>>>> storeKey=true;
>>>>>>>>>>>>>>>> };
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> krb5.ini
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [libdefaults]
>>>>>>>>>>>>>>>> default_realm = KERBTEST.LOCAL
>>>>>>>>>>>>>>>> default_keytab_name = FILE:C:\Program Files\Apache Software
>>>>>>>>>>>>>>>> Foundation\Tomcat 8.0\conf\tomcat.keytab
>>>>>>>>>>>>>>>> default_tkt_enctypes =
>>>>>>>>>>>>>>>> rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>>>>>>>>>>>>>>>> default_tgs_enctypes =
>>>>>>>>>>>>>>>> rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>>>>>>>>>>>>>>>> forwardable=true
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [realms]
>>>>>>>>>>>>>>>> KERBTEST.LOCAL = {
>>>>>>>>>>>>>>>> kdc = win-dc01.kerbtest.local:88
>>>>>>>>>>>>>>>> }
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I want to use the tomcat manager app to test SPNEGO with
>>>>>>> Active
>>>>>>>>>>>>>>>> Directory.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have tried to keep the setup as basic and vanilla to the
>>>>>>>>>>>>>>>> instructions as possible.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Users were created as instructed.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Spn was created as instructed
>>>>>>>>>>>>>>>> setspn -A HTTP/win-tc01.kerbtest.local tc01
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> keytab was created as instructed
>>>>>>>>>>>>>>>> ktpass /out c:\tomcat.keytab /mapuser tc01@KERBTEST.LOCAL
>>>>>>> /princ
>>>>>>>>>>>>>>>> HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL /pass tc01pass
>>>>>>> /kvno
>>>>>>>>>>>>>>>> 0
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have tried to test with firefox, chrome and IE, after
>>>>>>> ensuring
>>>>>>>>>>>>>>>> http://win-tc01.kerbtest.local is a trusted site in IE. In
>>>>>>>>>>>>>>>> firefox I added http://win-tc01.kerbtest.local to
>>>>>>>>>>>>>>>> network.negotiate-auth.delegation-uris and
>>>>>>>>>>>>>>>> network.negotiate-auth.trusted-uris.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Tomcat is running as a Windows service under the
>>>>>>>>>>>>>>>> tc01@kerbtest.local account.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Visiting URL from the Test Client VM :-
>>>>>>>>>>>>>>>> http://win-tc01.kerbtest.local in firefox results in 401
>>>>>>> three
>>>>>>>>>>>>>>>> times.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Looking at the Network tab in developer tools in firefox
>>>>>>> shows
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
