[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635724#comment-14635724
]
Stefan Seelmann commented on DIRSTUDIO-1066:
--------------------------------------------
bq. Use native TGT in Kerberos settings. ... The authentication parameters:
Bind DN or user: admin (which is in domain) Bind password: is my password.
When you choose "native TGT", then you don't need to provide user/password. So
please check your settings.
Please specify your environment. From which kDC do you receive the TGT (AD or
ApacheDS)? On which system do you run Studio? To which server do you want to
connect to (AD or ApacheDS)?
Otherwise, as you try to use AES256, do you have installed the JCE Unlimited
Strength Jurisdiction Policy Files?
> Apache Directory Studio GSSAPI (Kerberos) Error
> -----------------------------------------------
>
> Key: DIRSTUDIO-1066
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1066
> Project: Directory Studio
> Issue Type: Question
> Affects Versions: 2.0.0-M8 (2.0.0.v20130628)
> Environment: Windows Server 2008 R2 Enterprise, Java version:
> 1.6.0_24,
> Reporter: Csaba Cserba
> Labels: Kerberos, LDAP
>
> I would like to ask from all of you, that what should be the solution for my
> error message. It is about, when I check the authentication with the server
> and the settings are set to: Use native TGT in Kerberos settings.
> The authentication parameters: Bind DN or user: admin (which is in domain)
> Bind password: is my password.
> The error message is:
> The authentication failed. - java.security.PrivilegedActionException:
> org.apace.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed
> [Caused by GSSException: No valid credentials provided
> (Mechanism level: Illegal key size)]
> When I click on more details:
> The authentication failed
> - java.security.PrivilegedActionException:
> org.apache.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> org.apache.directory.api.ldap.model.exception.LdapException:
> java.security.PrivilegedActionException:
> org.apache.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1535)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1421)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:447)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
> at
> org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:122)
> at
> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> Caused by: java.security.PrivilegedActionException:
> org.apache.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Unknown Source)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1525)
> ... 8 more
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3898)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.access$200(LdapNetworkConnection.java:178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection$2.run(LdapNetworkConnection.java:1529)
> ... 11 more
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown
> Source)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3808)
> ... 13 more
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Illegal key size)
> at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
> at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
> at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
> ... 15 more
> Caused by: KrbException: Illegal key size
> at
> sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown
> Source)
> at
> sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown
> Source)
> at sun.security.krb5.EncryptedData.<init>(Unknown Source)
> at sun.security.krb5.KrbApReq.createMessage(Unknown Source)
> at sun.security.krb5.KrbApReq.init(Unknown Source)
> at sun.security.krb5.KrbApReq.<init>(Unknown Source)
> at sun.security.krb5.KrbTgsReq.createRequest(Unknown Source)
> at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
> at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
> at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
> at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown
> Source)
> at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
> ... 18 more
> Caused by: java.security.InvalidKeyException: Illegal key size
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.init(DashoA13*..)
> at javax.crypto.Cipher.init(DashoA13*..)
> at sun.security.krb5.internal.crypto.dk.AesDkCrypto.getCipher(Unknown
> Source)
> at sun.security.krb5.internal.crypto.dk.DkCrypto.dr(Unknown Source)
> at sun.security.krb5.internal.crypto.dk.DkCrypto.dk(Unknown Source)
> at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encryptCTS(Unknown
> Source)
> at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encrypt(Unknown
> Source)
> at sun.security.krb5.internal.crypto.Aes256.encrypt(Unknown Source)
> ... 30 more
> java.security.PrivilegedActionException:
> org.apache.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Illegal key
> size)]
> Thanks for all your kind help.
> P.S.: My set up is Kerberos Real: My domain KDC Host: My domain KDC Port: 88
> The Network parameter:
> Name: Enterprise Hostname: my domain Port 389 Encryption: No encryption
> Provider apache directory LDAP Client Api
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
