This error may simply be generated by an invalid password. Are there other messages surrounding this one in the log?
Are the clocks sync'd between your CAS server and your KDC? Are you authenticating against MIT Kerberos or Active Directory Kerberos? Often with AD, this error occurs if a user's account name has changed without changing the password, or if they enter the account name with incorrect case. The second bullet on Sun's jgss Troubleshooting page may be relevant: http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/Troubleshooting.html -Matt On Tue, 2007-11-20 at 23:01 -0500, Serge Bianda wrote: > I'm using kerberos > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Smith, Matt > Sent: Tuesday, November 20, 2007 5:05 PM > To: Yale CAS mailing list; Yale CAS mailing list > Subject: RE: Service outside of a firewall not working > > That error looks like something related to Kerberos. Are you doing > SPNEGO or Kerberos (via JaasAuthenticationHandler) authentication? > -Matt > > > -----Original Message----- > From: [EMAIL PROTECTED] on behalf of Serge Bianda > Sent: Tue 2007-11-20 11:37 > To: Yale CAS mailing list > Subject: Service outside of a firewall not working > > I have a server outside of our firewall that needs to authenticate > thought our CAS server located inside of our firewall. Is there any port > that needs to be opened on the firewall? The server was previously > hosted in house, and was working fine, but then we moved it offsite, and > now the authentication is failing. The cas server is accessible from the > Internet though > > > > Here is what we get on the tomcat error log: > > > > Authentication attempt failedjavax.security.auth.login.LoginException: > Pre-authentication information was invalid (24) > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Matt Smith [EMAIL PROTECTED] University Information Technology Services (UITS) University of Connecticut PGP Key ID: 0xE9C5244E
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
