[jira] Commented: (HTTPCLIENT-934) kerberos auth not working

[Dennis Rieks (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12864772#action_12864772
 ] 

Dennis Rieks commented on HTTPCLIENT-934:
-----------------------------------------

(1) Im using the latest svn code shnapshot (Revision 941720)
(2) See attached logfile 
(3) Im using "Sun jre1.6.0_18"

Logfile:

2010/05/06 15:51:10:921 MESZ [DEBUG] SingleClientConnManager - Get connection 
for route HttpRoute[{}->http://blao.de]
2010/05/06 15:51:10:934 MESZ [DEBUG] DefaultClientConnectionOperator - 
Connecting to blao.de/78.46.201.57:80
2010/05/06 15:51:10:990 MESZ [DEBUG] RequestAddCookies - CookieSpec selected: 
best-match
2010/05/06 15:51:11:001 MESZ [DEBUG] DefaultHttpClient - Attempt 2 to execute 
request
2010/05/06 15:51:11:001 MESZ [DEBUG] DefaultClientConnection - Sending request: 
GET /krb5/user.php HTTP/1.1
2010/05/06 15:51:11:002 MESZ [DEBUG] wire - >> "GET /krb5/user.php 
HTTP/1.1[EOL]"
2010/05/06 15:51:11:003 MESZ [DEBUG] wire - >> "Host: blao.de[EOL]"
2010/05/06 15:51:11:003 MESZ [DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
2010/05/06 15:51:11:004 MESZ [DEBUG] wire - >> "User-Agent: 
Apache-HttpClient/4.1-alpha2-SNAPSHOT (java 1.5)[EOL]"
2010/05/06 15:51:11:004 MESZ [DEBUG] wire - >> "[EOL]"
2010/05/06 15:51:11:005 MESZ [DEBUG] headers - >> GET /krb5/user.php HTTP/1.1
2010/05/06 15:51:11:005 MESZ [DEBUG] headers - >> Host: blao.de
2010/05/06 15:51:11:005 MESZ [DEBUG] headers - >> Connection: Keep-Alive
2010/05/06 15:51:11:005 MESZ [DEBUG] headers - >> User-Agent: 
Apache-HttpClient/4.1-alpha2-SNAPSHOT (java 1.5)
2010/05/06 15:51:11:043 MESZ [DEBUG] wire - << "HTTP/1.1 401 Authorization 
Required[EOL]"
2010/05/06 15:51:11:046 MESZ [DEBUG] wire - << "Date: Thu, 06 May 2010 13:51:11 
GMT[EOL]"
2010/05/06 15:51:11:046 MESZ [DEBUG] wire - << "Server: Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5[EOL]"
2010/05/06 15:51:11:046 MESZ [DEBUG] wire - << "WWW-Authenticate: 
Negotiate[EOL]"
2010/05/06 15:51:11:046 MESZ [DEBUG] wire - << "Vary: Accept-Encoding[EOL]"
2010/05/06 15:51:11:047 MESZ [DEBUG] wire - << "Content-Length: 649[EOL]"
2010/05/06 15:51:11:047 MESZ [DEBUG] wire - << "Keep-Alive: timeout=15, 
max=100[EOL]"
2010/05/06 15:51:11:047 MESZ [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
2010/05/06 15:51:11:047 MESZ [DEBUG] wire - << "Content-Type: text/html; 
charset=iso-8859-1[EOL]"
2010/05/06 15:51:11:047 MESZ [DEBUG] wire - << "[EOL]"
2010/05/06 15:51:11:048 MESZ [DEBUG] DefaultClientConnection - Receiving 
response: HTTP/1.1 401 Authorization Required
2010/05/06 15:51:11:048 MESZ [DEBUG] headers - << HTTP/1.1 401 Authorization 
Required
2010/05/06 15:51:11:048 MESZ [DEBUG] headers - << Date: Thu, 06 May 2010 
13:51:11 GMT
2010/05/06 15:51:11:048 MESZ [DEBUG] headers - << Server: Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5
2010/05/06 15:51:11:048 MESZ [DEBUG] headers - << WWW-Authenticate: Negotiate
2010/05/06 15:51:11:048 MESZ [DEBUG] headers - << Vary: Accept-Encoding
2010/05/06 15:51:11:049 MESZ [DEBUG] headers - << Content-Length: 649
2010/05/06 15:51:11:049 MESZ [DEBUG] headers - << Keep-Alive: timeout=15, 
max=100
2010/05/06 15:51:11:049 MESZ [DEBUG] headers - << Connection: Keep-Alive
2010/05/06 15:51:11:049 MESZ [DEBUG] headers - << Content-Type: text/html; 
charset=iso-8859-1
2010/05/06 15:51:11:056 MESZ [DEBUG] DefaultHttpClient - Connection can be kept 
alive for 15000 ms
2010/05/06 15:51:11:056 MESZ [DEBUG] DefaultHttpClient - Target requested 
authentication
2010/05/06 15:51:11:056 MESZ [DEBUG] DefaultTargetAuthenticationHandler - 
Authentication schemes in the order of preference: [negotiate, NTLM, Digest, 
Basic]
2010/05/06 15:51:11:056 MESZ [DEBUG] DefaultTargetAuthenticationHandler - 
negotiate authentication scheme selected
2010/05/06 15:51:11:057 MESZ [DEBUG] NegotiateScheme - Challenge header: 
WWW-Authenticate: Negotiate
2010/05/06 15:51:11:058 MESZ [DEBUG] DefaultHttpClient - Authorization 
challenge processed
2010/05/06 15:51:11:058 MESZ [DEBUG] DefaultHttpClient - Authentication scope: 
NEGOTIATE <any realm>@blao.de:80
2010/05/06 15:51:11:058 MESZ [DEBUG] DefaultHttpClient - Found credentials
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC 
"-//IETF//DTD HTML 2.0//EN">[\n]"
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "<html><head>[\n]"
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "<title>401 Authorization 
Required</title>[\n]"
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "</head><body>[\n]"
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "<h1>Authorization 
Required</h1>[\n]"
2010/05/06 15:51:11:058 MESZ [DEBUG] wire - << "<p>This server could not verify 
that you[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "are authorized to access the 
document[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "requested.  Either you supplied 
the wrong[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "credentials (e.g., bad 
password), or your[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "browser doesn't understand how 
to supply[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "the credentials 
required.</p>[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "<hr>[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "<address>Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5 Server at blao.de Port 
80</address>[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] wire - << "</body></html>[\n]"
2010/05/06 15:51:11:059 MESZ [DEBUG] RequestAddCookies - CookieSpec selected: 
best-match
2010/05/06 15:51:11:059 MESZ [DEBUG] NegotiateScheme - init blao.de
>>>KinitOptions cache name is /tmp/krb5cc_1000
>>>DEBUG <CCacheInputStream>  client principal is te...@blao.de
>>>DEBUG <CCacheInputStream> server principal is krbtgt/blao...@blao.de
>>>DEBUG <CCacheInputStream> key type: 16
>>>DEBUG <CCacheInputStream> auth time: Thu May 06 15:35:30 CEST 2010
>>>DEBUG <CCacheInputStream> start time: Thu May 06 15:35:30 CEST 2010
>>>DEBUG <CCacheInputStream> end time: Fri May 07 15:35:29 CEST 2010
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags()  INITIAL;
>>>DEBUG <CCacheInputStream>
>>>DEBUG <CCacheInputStream>  client principal is te...@blao.de
>>>DEBUG <CCacheInputStream> server principal is 
>>>X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/blao...@blao.de
>>>DEBUG <CCacheInputStream> key type: 0
>>>DEBUG <CCacheInputStream> auth time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> start time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> end time: Thu Jan 01 01:00:00 CET 1970
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags() 
java.io.IOException: extra data given to DerValue constructor
        at sun.security.util.DerValue.init(Unknown Source)
        at sun.security.util.DerValue.<init>(Unknown Source)
        at sun.security.krb5.internal.Ticket.<init>(Unknown Source)
        at sun.security.krb5.internal.ccache.CCacheInputStream.readData(Unknown 
Source)
        at sun.security.krb5.internal.ccache.CCacheInputStream.readCred(Unknown 
Source)
        at sun.security.krb5.internal.ccache.FileCredentialsCache.load(Unknown 
Source)
        at 
sun.security.krb5.internal.ccache.FileCredentialsCache.acquireInstance(Unknown 
Source)
        at 
sun.security.krb5.internal.ccache.CredentialsCache.getInstance(Unknown Source)
        at sun.security.krb5.Credentials.acquireTGTFromCache(Unknown Source)
        at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown 
Source)
        at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at javax.security.auth.login.LoginContext.invoke(Unknown Source)
        at javax.security.auth.login.LoginContext.access$000(Unknown Source)
        at javax.security.auth.login.LoginContext$5.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown 
Source)
        at javax.security.auth.login.LoginContext.login(Unknown Source)
        at sun.security.jgss.GSSUtil.login(Unknown Source)
        at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)
        at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown 
Source)
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown 
Source)
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(Unknown 
Source)
        at sun.security.jgss.spnego.SpNegoContext.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at 
org.apache.http.impl.auth.NegotiateScheme.authenticate(NegotiateScheme.java:233)
        at 
org.apache.http.client.protocol.RequestTargetAuthentication.process(RequestTargetAuthentication.java:104)
        at 
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:108)
        at 
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:167)
        at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:453)
        at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:693)
        at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:624)
        at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:602)
        at 
org.apache.http.examples.client.ClientKerberosAuthentication.main(ClientKerberosAuthentication.java:185)
Kerberos-Benutzername [drieks]: te...@blao.de
Kerberos-Passwort für te...@blao.de: test1
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=blao.de UDP:88, timeout=30000, number of retries =3, 
>>> #bytes=136
>>> KDCCommunication: kdc=blao.de UDP:88, timeout=30000,Attempt =1, #bytes=136
>>> KrbKdcReq send: #bytes read=499
>>> KrbKdcReq send: #bytes read=499
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply test1
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Found ticket for te...@blao.de to go to krbtgt/blao...@blao.de expiring on Fri 
May 07 15:51:23 CEST 2010
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: ab9bcd10
>>>crc32: 10101011100110111100110100010000
>>> KrbKdcReq send: kdc=blao.de UDP:88, timeout=30000, number of retries =3, 
>>> #bytes=518
>>> KDCCommunication: kdc=blao.de UDP:88, timeout=30000,Attempt =1, #bytes=518
>>> KrbKdcReq send: #bytes read=497
>>> KrbKdcReq send: #bytes read=497
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: d9682ecf
>>>crc32: 11011001011010000010111011001111
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
>>>crc32: e3208be9
>>>crc32: 11100011001000001000101111101001
Krb5Context setting mySeqNumber to: 252253754
Created InitSecContextToken:
0000: 01 00 6E 82 01 B7 30 82   01 B3 A0 03 02 01 05 A1  ..n...0.........
0010: 03 02 01 0E A2 07 03 05   00 20 00 00 00 A3 81 F4  ......... ......
0020: 61 81 F1 30 81 EE A0 03   02 01 05 A1 09 1B 07 42  a..0...........B
0030: 4C 41 4F 2E 44 45 A2 1A   30 18 A0 03 02 01 00 A1  LAO.DE..0.......
0040: 11 30 0F 1B 04 48 54 54   50 1B 07 62 6C 61 6F 2E  .0...HTTP..blao.
0050: 64 65 A3 81 BF 30 81 BC   A0 03 02 01 10 A1 03 02  de...0..........
0060: 01 03 A2 81 AF 04 81 AC   FA C2 95 D9 6B 56 3D E9  ............kV=.
0070: D1 48 DF 80 2A BC DA 0A   FB 10 BF A1 73 E7 35 E1  .H..*.......s.5.
0080: FA DB 2C 86 FF FA B5 16   CA B7 42 46 B7 FC 98 5C  ..,.......BF...\
0090: 4F 3F EF B8 02 32 18 01   51 C1 7B AB C4 B5 07 84  O?...2..Q.......
00A0: 0B 1D C9 20 EF C0 04 1B   98 57 6C A0 C1 59 7E 56  ... .....Wl..Y.V
00B0: 53 D4 E3 7D DF 01 40 10   64 FC 7C C3 AF 54 B6 B5  s.....@.d....t..
00C0: E1 77 00 8F F4 7E 19 58   11 83 5F C6 88 87 76 C7  .w.....X.._...v.
00D0: 2F 7D 08 DB 47 12 75 73   A7 FB 6A 04 FB 53 B2 0F  /...G.us..j..S..
00E0: 34 8E E6 59 46 1B 26 D5   01 9A A3 58 D4 15 00 62  4..YF.&....X...b
00F0: AD 96 BC 87 0B 04 D7 61   39 9C 3C 08 1E 77 2A 44  .......a9.<..w*D
0100: 50 B4 2A ED 81 92 73 A5   12 27 AC 45 BC 69 6B 37  P.*...s..'.E.ik7
0110: 05 26 AE 0F A4 81 A6 30   81 A3 A0 03 02 01 01 A2  .&.....0........
0120: 81 9B 04 81 98 2D 36 5B   3C A2 4D 95 51 63 F4 AE  .....-6[<.M.Qc..
0130: 1E 31 86 59 D9 9E EF 22   FF 3B 71 4D BB 1B CF 1C  .1.Y...".;qM....
0140: 7F 0C 38 9A 6F E0 4E 51   03 4D A3 24 5F D4 D1 E0  ..8.o.NQ.M.$_...
0150: 02 67 4C 0C F8 D0 BA 96   2D E1 16 CD 8D 37 FE 42  .gL.....-....7.B
0160: 0D 5E 68 86 87 39 2D A8   5B 11 56 05 90 A0 CC 10  .^h..9-.[.V.....
0170: D1 2B F6 7D 23 F8 C3 B7   6B 4A 93 24 A1 A1 59 9B  .+..#...kJ.$..Y.
0180: C2 4D 3C 16 DA 75 6F E2   DA DD E5 37 78 98 A8 F4  .M<..uo....7x...
0190: 9D 81 CC C9 70 2B 6D B3   2F 33 2A B3 9C 39 FE F9  ....p+m./3*..9..
01A0: E8 7F 06 C6 9F 66 40 E1   6B 27 D8 CF FA 72 4A 7C  ......@.k'...rJ.
01B0: A8 A1 73 92 DE 6B C5 E2   22 CE 53 96 6C           ..s..k..".S.l

2010/05/06 15:51:23:908 MESZ [DEBUG] NegotiateScheme - got token, sending 509 
bytes to server
2010/05/06 15:51:23:911 MESZ [DEBUG] DefaultHttpClient - Attempt 4 to execute 
request
2010/05/06 15:51:23:911 MESZ [DEBUG] DefaultClientConnection - Sending request: 
GET /krb5/user.php HTTP/1.1
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "GET /krb5/user.php 
HTTP/1.1[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "Host: blao.de[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "User-Agent: 
Apache-HttpClient/4.1-alpha2-SNAPSHOT (java 1.5)[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "Authorization: Negotiate 
YIIB+QYGKwYBBQUCoIIB7TCCAemgDTALBgkqhkiG9xIBAgKhBAMCAD6iggHQBIIBzGCCAcgGCSqGSIb3EgECAgEAboIBtzCCAbOgAwIBBaEDAgEOogcDBQAgAAAAo4H0YYHxMIHuoAMCAQWhCRsHQkxBTy5ERaIaMBigAwIBAKERMA8bBEhUVFAbB2JsYW8uZGWjgb8wgbygAwIBEKEDAgEDooGvBIGs+sKV2WtWPenRSN+AKrzaCvsQv6Fz5zXh+tsshv/6tRbKt0JGt/yYXE8/77gCMhgBUcF7q8S1B4QLHckg78AEG5hXbKDBWX5WU9Tjfd8BQBBk/HzDr1S2teF3AI/0fhlYEYNfxoiHdscvfQjbRxJ1c6f7agT7U7IPNI7mWUYbJtUBmqNY1BUAYq2WvIcLBNdhOZw8CB53KkRQtCrtgZJzpRInrEW8aWs3BSauD6SBpjCBo6ADAgEBooGbBIGYLTZbPKJNlVFj9K4eMYZZ2Z7vIv87cU27G88cfww4mm/gTlEDTaMkX9TR4AJnTAz40LqWLeEWzY03/kINXmiGhzktqFsRVgWQoMwQ0Sv2fSP4w7drSpMkoaFZm8JNPBbadW/i2t3lN3iYqPSdgczJcCttsy8zKrOcOf756H8Gxp9mQOFrJ9jP+nJKfKihc5Lea8XiIs5Tlmw=[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] wire - >> "[EOL]"
2010/05/06 15:51:23:911 MESZ [DEBUG] headers - >> GET /krb5/user.php HTTP/1.1
2010/05/06 15:51:23:911 MESZ [DEBUG] headers - >> Host: blao.de
2010/05/06 15:51:23:911 MESZ [DEBUG] headers - >> Connection: Keep-Alive
2010/05/06 15:51:23:911 MESZ [DEBUG] headers - >> User-Agent: 
Apache-HttpClient/4.1-alpha2-SNAPSHOT (java 1.5)
2010/05/06 15:51:23:911 MESZ [DEBUG] headers - >> Authorization: Negotiate 
YIIB+QYGKwYBBQUCoIIB7TCCAemgDTALBgkqhkiG9xIBAgKhBAMCAD6iggHQBIIBzGCCAcgGCSqGSIb3EgECAgEAboIBtzCCAbOgAwIBBaEDAgEOogcDBQAgAAAAo4H0YYHxMIHuoAMCAQWhCRsHQkxBTy5ERaIaMBigAwIBAKERMA8bBEhUVFAbB2JsYW8uZGWjgb8wgbygAwIBEKEDAgEDooGvBIGs+sKV2WtWPenRSN+AKrzaCvsQv6Fz5zXh+tsshv/6tRbKt0JGt/yYXE8/77gCMhgBUcF7q8S1B4QLHckg78AEG5hXbKDBWX5WU9Tjfd8BQBBk/HzDr1S2teF3AI/0fhlYEYNfxoiHdscvfQjbRxJ1c6f7agT7U7IPNI7mWUYbJtUBmqNY1BUAYq2WvIcLBNdhOZw8CB53KkRQtCrtgZJzpRInrEW8aWs3BSauD6SBpjCBo6ADAgEBooGbBIGYLTZbPKJNlVFj9K4eMYZZ2Z7vIv87cU27G88cfww4mm/gTlEDTaMkX9TR4AJnTAz40LqWLeEWzY03/kINXmiGhzktqFsRVgWQoMwQ0Sv2fSP4w7drSpMkoaFZm8JNPBbadW/i2t3lN3iYqPSdgczJcCttsy8zKrOcOf756H8Gxp9mQOFrJ9jP+nJKfKihc5Lea8XiIs5Tlmw=
2010/05/06 15:51:23:965 MESZ [DEBUG] wire - << "HTTP/1.1 401 Authorization 
Required[EOL]"
2010/05/06 15:51:23:968 MESZ [DEBUG] wire - << "Date: Thu, 06 May 2010 13:51:24 
GMT[EOL]"
2010/05/06 15:51:23:968 MESZ [DEBUG] wire - << "Server: Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5[EOL]"
2010/05/06 15:51:23:968 MESZ [DEBUG] wire - << "Vary: Accept-Encoding[EOL]"
2010/05/06 15:51:23:968 MESZ [DEBUG] wire - << "Content-Length: 649[EOL]"
2010/05/06 15:51:23:969 MESZ [DEBUG] wire - << "Keep-Alive: timeout=15, 
max=99[EOL]"
2010/05/06 15:51:23:969 MESZ [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
2010/05/06 15:51:23:969 MESZ [DEBUG] wire - << "Content-Type: text/html; 
charset=iso-8859-1[EOL]"
2010/05/06 15:51:23:969 MESZ [DEBUG] wire - << "[EOL]"
2010/05/06 15:51:23:969 MESZ [DEBUG] DefaultClientConnection - Receiving 
response: HTTP/1.1 401 Authorization Required
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << HTTP/1.1 401 Authorization 
Required
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Date: Thu, 06 May 2010 
13:51:24 GMT
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Server: Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Vary: Accept-Encoding
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Content-Length: 649
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Keep-Alive: timeout=15, max=99
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Connection: Keep-Alive
2010/05/06 15:51:23:969 MESZ [DEBUG] headers - << Content-Type: text/html; 
charset=iso-8859-1
2010/05/06 15:51:23:970 MESZ [DEBUG] DefaultHttpClient - Connection can be kept 
alive for 15000 ms
2010/05/06 15:51:23:970 MESZ [DEBUG] DefaultHttpClient - Target requested 
authentication
2010/05/06 15:51:23:970 MESZ [WARN] DefaultHttpClient - Authentication error: 
Negotiate authorization challenge expected, but not found
----------------------------------------
HTTP/1.1 401 Authorization Required
----------------------------------------
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC 
"-//IETF//DTD HTML 2.0//EN">[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "<html><head>[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "<title>401 Authorization 
Required</title>[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "</head><body>[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "<h1>Authorization 
Required</h1>[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "<p>This server could not verify 
that you[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "are authorized to access the 
document[\n]"
2010/05/06 15:51:23:973 MESZ [DEBUG] wire - << "requested.  Either you supplied 
the wrong[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "credentials (e.g., bad 
password), or your[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "browser doesn't understand how 
to supply[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "the credentials 
required.</p>[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "<hr>[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "<address>Apache/2.2.9 (Debian) 
mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_jk/1.2.26 
PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 
mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5 Server at blao.de Port 
80</address>[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] wire - << "</body></html>[\n]"
2010/05/06 15:51:23:974 MESZ [DEBUG] SingleClientConnManager - Releasing 
connection 
org.apache.http.impl.conn.singleclientconnmanager$connadap...@3747c1db
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.9 (Debian) mod_auth_kerb/5.3 DAV/2 SVN/1.5.1 
mod_fastcgi/2.4.6 mod_jk/1.2.26 PHP/5.2.6-1+lenny8 with Suhosin-Patch 
mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_wsgi/2.5 Server 
at blao.de Port 80</address>
</body></html>

----------------------------------------
2010/05/06 15:51:23:975 MESZ [DEBUG] DefaultClientConnection - Connection shut 
down


> kerberos auth not working
> -------------------------
>
>                 Key: HTTPCLIENT-934
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-934
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: Examples, HttpClient
>    Affects Versions: 4.1 Alpha1
>            Reporter: Dennis Rieks
>            Priority: Minor
>
> Hi,
> i used org/apache/http/examples/client/ClientKerberosAuthentication.java to 
> test kerberos authentication.
> My Setup:
> Apache2 on Debian (virtual machine "server4.kdctest.local") is setup to 
> deliver kerberos authenticated content via http and https.
> The Kerberos kdc (virtual maschine "kdc.kdctest.local") also runs on debian.
> On my Desktop (ubuntu) i can use kinit/klist/kdestory to sign in on the 
> kerberos domain and server4 only delivers content when signed on. 
> I used firefox (with extra settings for http in about:config) and curl (curl 
> -k --negotiate -u : http://server4.kdctest.local/test.php) to test my 
> kerberos setup.
> The Problem:
> ClientKerberosAuthentication always asks the username/password and dont care 
> about kinit. Also there is always an http 401 error and no content is 
> deliverd.
> I used the latest svn version of httpclient

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org