[
https://issues.apache.org/jira/browse/HTTPCLIENT-934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12864428#action_12864428
]
Dennis Rieks commented on HTTPCLIENT-934:
-----------------------------------------
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt
false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is
false principal is [email protected] tryFirstPass is false useFirstPass is
false storePass is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is /tmp/krb5cc_1000
>>>DEBUG <CCacheInputStream> client principal is [email protected]
>>>DEBUG <CCacheInputStream> server principal is
>>>krbtgt/[email protected]
>>>DEBUG <CCacheInputStream> key type: 16
>>>DEBUG <CCacheInputStream> auth time: Wed May 05 19:22:19 CEST 2010
>>>DEBUG <CCacheInputStream> start time: Wed May 05 19:22:19 CEST 2010
>>>DEBUG <CCacheInputStream> end time: Thu May 06 19:22:19 CEST 2010
>>>DEBUG <CCacheInputStream> renew_till time: Wed May 05 19:22:19 CEST 2010
>>> CCacheInputStream: readFlags() RENEWABLE; INITIAL;
>>>DEBUG <CCacheInputStream>
>>>DEBUG <CCacheInputStream> client principal is [email protected]
>>>DEBUG <CCacheInputStream> server principal is
>>>X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/[email protected]
>>>DEBUG <CCacheInputStream> key type: 0
>>>DEBUG <CCacheInputStream> auth time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> start time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> end time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags()
java.io.IOException: extra data given to DerValue constructor
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.krb5.internal.Ticket.<init>(Unknown Source)
at sun.security.krb5.internal.ccache.CCacheInputStream.readData(Unknown
Source)
at sun.security.krb5.internal.ccache.CCacheInputStream.readCred(Unknown
Source)
at sun.security.krb5.internal.ccache.FileCredentialsCache.load(Unknown
Source)
at
sun.security.krb5.internal.ccache.FileCredentialsCache.acquireInstance(Unknown
Source)
at
sun.security.krb5.internal.ccache.CredentialsCache.getInstance(Unknown Source)
at sun.security.krb5.Credentials.acquireTGTFromCache(Unknown Source)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown
Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$5.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown
Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at sun.security.jgss.GSSUtil.login(Unknown Source)
at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown
Source)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown
Source)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(Unknown
Source)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at
org.apache.http.impl.auth.NegotiateScheme.authenticate(NegotiateScheme.java:233)
at
org.apache.http.client.protocol.RequestTargetAuthentication.process(RequestTargetAuthentication.java:104)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:108)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:167)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:453)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:693)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:624)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:602)
at
eu.tradespark.krb5.ClientKerberosAuthentication.main(ClientKerberosAuthentication.java:157)
Principal is [email protected]
null credentials from Ticket Cache
Kerberos-Passwort für [email protected]: hallo
[Krb5LoginModule] user entered username: [email protected]
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=kdc.kdctest.local UDP:88, timeout=30000, number of
>>> retries =3, #bytes=150
>>> KDCCommunication: kdc=kdc.kdctest.local UDP:88, timeout=30000,Attempt =1,
>>> #bytes=150
>>> KrbKdcReq send: #bytes read=533
>>> KrbKdcReq send: #bytes read=533
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply hallo
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
principal is [email protected]
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: DF B6 38 1A F2 8C 0D 15
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: DF B6 38 1A F2 8C 0D 15
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 09 5B 16 F9 21 A7 DA 5E
A1 29 69 56 EC 3A 90 6B .[..!..^.)iV.:.k
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: FD 07 15 49 75 7C FB 43
97 26 5E 02 68 76 F7 89 ...Iu..C.&^.hv..
0010: FD 80 97 1C 49 DA 3E 49
EncryptionKey: keyType=17 keyBytes (hex dump)=0000: 35 B1 F8 D5 F7 46 97 83
81 1A 8E AD AE A0 CE 73 5....F.........s
Commit Succeeded
Found ticket for [email protected] to go to
krbtgt/[email protected] expiring on Thu May 06 19:43:24 CEST 2010
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: e5fdb8f4
>>>crc32: 11100101111111011011100011110100
>>> KrbKdcReq send: kdc=kdc.kdctest.local UDP:88, timeout=30000, number of
>>> retries =3, #bytes=568
>>> KDCCommunication: kdc=kdc.kdctest.local UDP:88, timeout=30000,Attempt =1,
>>> #bytes=568
>>> KrbKdcReq send: #bytes read=507
>>> KrbKdcReq send: #bytes read=507
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: a79e462b
>>>crc32: 10100111100111100100011000101011
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: c30c2a72
>>>crc32: 11000011000011000010101001110010
Krb5Context setting mySeqNumber to: 40618110
Created InitSecContextToken:
0000: 01 00 6E 82 01 C3 30 82 01 BF A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 81 F8 ......... ......
0020: 61 81 F5 30 81 F2 A0 03 02 01 05 A1 0F 1B 0D 4B a..0...........K
0030: 44 43 54 45 53 54 2E 4C 4F 43 41 4C A2 28 30 26 DCTEST.LOCAL.(0&
0040: A0 03 02 01 00 A1 1F 30 1D 1B 04 48 54 54 50 1B .......0...HTTP.
0050: 15 73 65 72 76 65 72 34 2E 6B 64 63 74 65 73 74 .server4.kdctest
0060: 2E 6C 6F 63 61 6C A3 81 AF 30 81 AC A0 03 02 01 .local...0......
0070: 10 A1 03 02 01 02 A2 81 9F 04 81 9C 34 A6 73 0E ............4.s.
0080: 6C 75 7D C6 69 62 DE 63 3D 09 C8 54 CE B4 36 3A lu..ib.c=..T..6:
0090: 6C 24 09 AD 47 73 2E 53 08 CD 06 9A 11 7F E6 61 l$..Gs.S.......a
00A0: DB 79 27 09 A2 E5 E2 CE 3C 6C 10 DA 1C 98 87 B7 .y'.....<l......
00B0: 41 C3 2E 08 EB D5 1B 8A D9 0C 9E C5 7D 21 2F 5A A............!/Z
00C0: 98 DE 96 EA 11 59 01 A4 30 DC B2 96 02 27 A2 D4 .....Y..0....'..
00D0: 17 BD 56 26 5C 47 68 B1 57 7A 94 E1 28 6E 45 E3 ..V&\Gh.Wz..(nE.
00E0: 06 1B 05 CB 41 1E EC 05 73 E7 8E 44 F7 0F 40 42 ....a...s.....@b
00F0: 34 37 64 53 11 58 75 B2 6F 4B 2A 1B 99 5E 86 2D 47dS.Xu.oK*..^.-
0100: 9E D4 BF 3B 84 1E 30 E3 7C B7 0B FE 01 21 5F 37 ...;..0......!_7
0110: 83 09 AB 0D 2E B1 95 0B A4 81 AE 30 81 AB A0 03 ...........0....
0120: 02 01 01 A2 81 A3 04 81 A0 A9 F7 5C FB 7F 65 40 ...........\..e@
0130: C8 00 82 55 88 6D 75 73 72 59 41 6F 1A 4C 02 E1 ...U.musrYAo.L..
0140: 79 1B D6 5C 76 12 13 74 96 0E F3 40 FD 80 E9 D3 y..\v..t...@....
0150: 08 68 8E 0F 46 A5 6F B6 49 A7 40 56 6F A0 19 4A [email protected]
0160: 29 41 F2 9A 2A 33 8B E4 07 5A A9 92 D5 E2 27 7F )A..*3...Z....'.
0170: F9 69 E1 CF 88 F0 85 4E A9 4D 09 CB FA 1C F5 FF .i.....N.M......
0180: ED 5F EF AE EF 3E 03 0F 76 A0 40 8F EC 02 16 81 ._...>....@.....
0190: F1 A4 70 B1 F2 02 F6 7A 05 E2 D2 31 B4 EA D8 5D ..p....z...1...]
01A0: D7 54 3E DD 6F 0B DA 1C CA F6 11 57 44 BC AD 0D .T>.o......WD...
01B0: 73 06 2F 21 AE 0D 27 AB 4D E1 6C 13 52 58 46 54 s./!..'.M.l.RXFT
01C0: 0A 6F A3 C8 05 01 EE 3A 53 .o.....:S
05.05.2010 19:43:25 org.apache.http.impl.client.DefaultRequestDirector
handleResponse
WARNUNG: Authentication error: Negotiate authorization challenge expected, but
not found
----------------------------------------
HTTP/1.1 401 Authorization Required
----------------------------------------
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.9 (Debian) mod_auth_kerb/5.3 PHP/5.2.6-1+lenny8 with
Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
mod_perl/2.0.4 Perl/v5.10.0 Server at server4.kdctest.local Port 80</address>
</body></html>
----------------------------------------
> kerberos auth not working
> -------------------------
>
> Key: HTTPCLIENT-934
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-934
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: Examples, HttpClient
> Affects Versions: 4.1 Alpha1
> Reporter: Dennis Rieks
> Priority: Minor
>
> Hi,
> i used org/apache/http/examples/client/ClientKerberosAuthentication.java to
> test kerberos authentication.
> My Setup:
> Apache2 on Debian (virtual machine "server4.kdctest.local") is setup to
> deliver kerberos authenticated content via http and https.
> The Kerberos kdc (virtual maschine "kdc.kdctest.local") also runs on debian.
> On my Desktop (ubuntu) i can use kinit/klist/kdestory to sign in on the
> kerberos domain and server4 only delivers content when signed on.
> I used firefox (with extra settings for http in about:config) and curl (curl
> -k --negotiate -u : http://server4.kdctest.local/test.php) to test my
> kerberos setup.
> The Problem:
> ClientKerberosAuthentication always asks the username/password and dont care
> about kinit. Also there is always an http 401 error and no content is
> deliverd.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
