Hi Michael, Once I had to implement SPNEGO protocol, and I think I've seen such errors. Most probably you unwrap SPNEGO tokens in wrong way, which leads to corrupt (or invalid) GSSAPI token.
Best regards, vadim tarassov On Mon, 2006-11-06 at 14:26 -0500, Michael B Allen wrote: > I wrote an SPNEGO Java Servlet Filter that decodes the SPNEGO token, > plucks out the krb5 mechToken and passes it to acceptSecContext. Works > great on Linux/Jetty. Tomcat on Windows gives me the following exception. > Basically it looks like it's failing to decrypt the ticket as if the > password was wrong (but it's not). The service account is set for DES > only. For the service credential, I manually create a KerberosKey with a > plaintext password and enctype of "DES". > > Before I start doing byte for byte checking can anyone recommend potential > reasons for this error? > > GSSException: Failure unspecified at GSS-API level (Mechanism level: > Integrity check on decrypted field failed (31)) > > sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734) > > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300) > > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246) > com.ibi.security.spnego.SpnegoFilter.doFilter(SpnegoFilter.java:262) > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
