Hi,
Following the Jasig Howto about CAS and SPNEGO on a Windows domain
controller, I have encountered some problems.
We have one AD domain controller (2008R2).
We have one CAS server (CAS 3.4.11) on CentOS 6. We use Tomcat 7 and
jdk1.7.x on the CAS server.
We have client stations (Windows XP + Firefox/IE) in order to test the
SPNEGO mechanism.
We have configured a spnego user in AD (we have disabled
Kerberos preauthentication for this user) and created a keytab for our
CAS service on the Windows domain controller.
When we connect from a domain client station (WinXP + Firefox) we get
the following error on the CAS server:
-------------------------------------------------------------------------------
default etypes for default_tkt_enctypes: 23.
KrbAsReq creating message
KrbKdcReq send: kdc=10.31.1.1 UDP:88, timeout=30000, number of retries =3, #bytes=165
KDCCommunication: kdc=10.31.1.1 UDP:88, timeout=30000,Attempt =1, #bytes=165
KrbKdcReq send: #bytes read=647
KdcAccessibility: remove 10.31.1.1
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
at jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
at jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
at jcifs.spnego.Authentication.process(Authentication.java:235)
at org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler.doAuthentication(JCIFSSpnegoAuthenticationHandler.java:57)
.
.
.
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149)
at sun.security.krb5.KrbAsRep.decryptUsingPassword(KrbAsRep.java:139)
at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:287)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:721)
... 147 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100)
... 154 more
------------------------------------------------------
I don't really understand what could cause this error (bad keytab,
password problem, etc.).
Any help or ideas?
Thanks for your help.