Would you mind sharing with me (and the group) how you ran this code? When I run this code I get the following error. The domain controller is a Windows 2000 machine and the machine that I am running this code on is a Windows 2000 machine. The domain controller is ppcdevad01 (I am assuming this is the KDC) the domain is ppc.com and I have an account on the domain as kburton. What could I be doing wrong? I get the same results when I try the Login sample.
Kevin [EMAIL PROTECTED] C:\j2sdk1.4.2\docs\guide\security\jgss\tutorials>java -classpath Login.jar;Sampl eClient.jar -Djava.security.manager -Djava.security.krb5.realm=krbtgt/ppc.co [EMAIL PROTECTED] -Djava.security.krb5.kdc=ppcdevad01 -Djava.security.policy=client. policy - Djava.security.auth.login.config=csLogin.conf Login SampleClient [EMAIL PROTECTED] localhost 4242 Kerberos username [kburton]: Kerberos password for kburton: xxxxxxx Unexpected Exception - unable to continue javax.security.auth.login.LoginException: Pre-authentication information was inv alid (24) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un known Source) at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at Login.main(Login.java:136) Caused by: KrbException: Pre-authentication information was invalid (24) at sun.security.krb5.KrbAsRep.<init>(Unknown Source) at sun.security.krb5.KrbAsReq.getReply(Unknown Source) at sun.security.krb5.Credentials.acquireTGT(Unknown Source) ... 13 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.af.a(Unknown Source) at sun.security.krb5.internal.at.a(Unknown Source) at sun.security.krb5.internal.at.<init>(Unknown Source) ... 16 more C:\j2sdk1.4.2\docs\guide\security\jgss\tutorials> "Oliver Schoett" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have been playing with the Sun GSS/Kerberos sample code in > > http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html > > and noticed that the client in this scenario needs only a Kerberos > ticket (for example, obtained from an initial Windows logon), whereas > the server needs a key (secret information)|. |This creates a key > management problem for our servers, which I would like to avoid. > > Why is it that the server needs a key, when in principle, a ticket > should be enough to prove one's identity? > > Oliver Schoett ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
