Recently, we ran into some weird exceptions in the Tomcat log that we had never seen before. We are using CAS 3.2.1 on Tomcat 6 with the JaasAuthenticationHandler and the Krb5LoginModule to authenticate users against Active Directory on a RHEL 5 box. The only change I know of is that our Active Directory administrators upgraded a few domain controllers from AD 2003 to AD 2008. In the log sample below, the exception was logged when a user entered an invalid password.
Has anyone encountered similar issues? Thanks, A- javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5Login Module.java:696) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542) at sun.reflect.GeneratedMethodAccessor54.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler.authe nticateUsernamePasswordInternal(JaasAuthenticationHandler.java:76) at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthent icationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandle r.java:56) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAut henticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHa ndler.java:71) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti cationManagerImpl.java:88) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(Ce ntralAuthenticationServiceImpl.java:411) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaF ormAction.java:107) at sun.reflect.GeneratedMethodAccessor52.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:597) at 
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethod Invoker.java:99) at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:13 3) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.jav a:192) at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.j ava:146) at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.jav a:59) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:156) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowEx ecutionImpl.java:202) at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImp l.java:222) at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRe quest(FlowRequestHandler.java:111) at org.springframework.webflow.executor.mvc.FlowController.handleRequestInterna l(FlowController.java:165) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac tController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si mpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl et.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle t.java:809) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer vlet.java:476) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.jav a:441) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j ava:115) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:206) at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientI 
nfoThreadLocalFilter.java:48) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestF ilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128 ) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102 ) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :109) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java: 852) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(H ttp11AprProtocol.java:584) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1508) at java.lang.Thread.run(Thread.java:619) Caused by: KrbException: Pre-authentication information was invalid (24) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66) at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449) at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406) at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5Login Module.java:662) ... 72 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133) at sun.security.krb5.internal.ASRep.init(ASRep.java:58) at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50) ... 
76 more javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5Login Module.java:696) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542) at sun.reflect.GeneratedMethodAccessor54.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler.authe nticateUsernamePasswordInternal(JaasAuthenticationHandler.java:76) at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthent icationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandle r.java:56) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAut henticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHa ndler.java:71) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti cationManagerImpl.java:88) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(Ce ntralAuthenticationServiceImpl.java:411) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaF ormAction.java:107) at sun.reflect.GeneratedMethodAccessor52.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:597) at 
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethod Invoker.java:99) at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:13 3) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.jav a:192) at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.j ava:146) at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.jav a:59) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:156) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161) at org.springframework.webflow.engine.State.enter(State.java:191) at org.springframework.webflow.engine.Transition.execute(Transition.java:212) at org.springframework.webflow.engine.TransitionableState.onEvent(Transitionabl eState.java:107) at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534) at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEven t(RequestControlContextImpl.java:205) at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowEx ecutionImpl.java:202) at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImp l.java:222) at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRe quest(FlowRequestHandler.java:111) at org.springframework.webflow.executor.mvc.FlowController.handleRequestInterna l(FlowController.java:165) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac tController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si mpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl et.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle t.java:809) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer vlet.java:476) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.jav a:441) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j ava:115) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:206) at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientI nfoThreadLocalFilter.java:48) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestF ilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:175) at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:852)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:584)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1508)
    at java.lang.Thread.run(Thread.java:619)
Caused by: KrbException: Pre-authentication information was invalid (24)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
    at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
    at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
    at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
    ... 72 more
Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
    at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
    at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
    ... 76 more

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
