One of the problems was that I did not install the latest tools from http://go.microsoft.com/fwlink/?LinkId=100114
The default tools used DES-CBC-MD5 and also set DES-only encryption on the account. After installing the updated tools the ktpass command completed as shown in the user guide. I disable DES on the user account and re-ran the ktpass and ktab command. After restarting JBoss I am still not able to complete the secure test. The following exception is raised. anonymous wrote : | 14:24:20,835 TRACE [UsersRolesLoginModule] abort | 14:24:20,835 TRACE [SPNEGO] Login failure | javax.security.auth.login.LoginException: Continuation Required. | at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:156) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:597) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491) | at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) | at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) | at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) | at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) | at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) | at java.lang.Thread.run(Thread.java:619) | 14:24:20,944 TRACE [SPNEGO] End isValid, false | 14:24:20,960 DEBUG [SPNEGOAuthenticator] authenticated principal = null | 14:24:20,960 TRACE [SPNEGOContext] clear 20096223 | 14:24:20,960 TRACE [SecurityAssociation] clear, server=true | 14:24:20,975 TRACE [SPNEGOAuthenticator] Authenticating user | ... | 14:24:21,507 TRACE [SPNEGOLoginModule] Result - java.io.IOException: Unexpected message type | 14:24:21,507 ERROR [SPNEGOLoginModule] Unable to authenticate | java.io.IOException: Unexpected message type | at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decodeNegTokenTargSequence(NegTokenTargDecoder.java:121) | at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decode(NegTokenTargDecoder.java:137) | at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:261) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.Subject.doAs(Subject.java:337) | at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:113) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:597) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491) | at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) | at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) | at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) | at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) | at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) | at java.lang.Thread.run(Thread.java:619) | 14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: Entering logout | 14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: logged out Subject | 14:24:21,663 TRACE [SPNEGOLoginModule] abort | 14:24:21,663 TRACE [UsersRolesLoginModule] initialize, [EMAIL PROTECTED] | 14:24:21,663 TRACE [UsersRolesLoginModule] Security domain: SPNEGO | 14:24:21,663 TRACE [UsersRolesLoginModule] findResource: null | 14:24:21,663 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-users.properties, defaults=null | 14:24:21,663 DEBUG [UsersRolesLoginModule] Loaded properties, users=[] | 14:24:21,695 TRACE [UsersRolesLoginModule] findResource: null | 14:24:21,695 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-roles.properties, defaults=null | 14:24:21,695 DEBUG [UsersRolesLoginModule] Loaded properties, users=[operator, [EMAIL PROTECTED], [EMAIL PROTECTED], user, [EMAIL PROTECTED], [EMAIL PROTECTED], other, [EMAIL PROTECTED], [EMAIL PROTECTED], sysop] | 14:24:21,695 TRACE [UsersRolesLoginModule] abort | 14:24:21,695 TRACE [SPNEGO] Login failure | javax.security.auth.login.LoginException: Unable to authenticate - Unexpected message type | at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:136) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:597) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491) | at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) | at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) | at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) | at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) | at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) | at java.lang.Thread.run(Thread.java:619) | 14:24:21,804 TRACE [SPNEGO] End isValid, false | 14:24:21,820 DEBUG [SPNEGOAuthenticator] authenticated principal = null | 14:24:21,820 TRACE [SPNEGOContext] clear 20096223 | 14:24:21,820 TRACE [SecurityAssociation] clear, server=true | I think I am very close to get this working, just missing one or two minor things. If you have any suggestion on what I could try to get this working please let me know. Thanks in advance. Alex View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177426#4177426 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4177426 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
