reporting a problem with LDAP auth to Windows Active Directory with Kerberos using the default spnegoDelegationQop="auth-conf" value for Tomcat 9.0.31 and 9.0.52

2021-09-14 Thread Tim Miller Dyck
 Kerberos+LDAP working again 
(presumably by having our Tomcat LDAP user used always for LDAP connection 
authentication and not using the end user's Kerberos credential for the LDAP 
connection)

As additional information, if relevant, our Windows domain controllers have the 
following LDAP connection security setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LdapEnforceChannelBinding = 1

From the Microsoft KB article at 
https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e
DWORD value: 1 indicates enabled, when supported. All clients that are running 
on a version of Windows that has been updated to support channel binding tokens 
(CBT) must provide channel binding information to the server. Clients that are 
running a version of Windows that has not been updated to support CBT do not 
have to do so. This is an intermediate option that allows for application 
compatibility.

I also tested previous versions of Tomcat and found the LDAP+Kerberos problem 
described started with Tomcat v9.0.31 (and worked with Tomcat v9.0.30).

My conclusion so far is that when using LDAP+Kerberos with Tomcat 9.0.52, the 
spnegoDelegationQop values of auth-conf and auth-int don't successfully 
authenticate any longer against our Windows domain controllers, but Tomcat 
9.0.30 (using the default auth-conf setting as I had not specified this setting 
at all) did authenticate successfully. Given that the problem starts with the 
auth-int setting, maybe the issue is the Kerberos delegation integrity 
connection setting.

Going through the Tomcat changelogs, the bug report could be related as it 
describes changes in this code area first released in Tomcat v9.0.31: 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011


This may well be some subtle interaction between Tomcat, the JVM and our Active 
Directory servers and may not be a Tomcat problem at all. I wanted to report it 
for comment and to let others know who may find the same issue in their own 
environments what worked for me so far.

Regards,
Tim Miller Dyck


Tim Miller Dyck (he / him), BMath Hon. (CS), MA - Technical Architect
Kindred Credit Union
Toll Free: 1.888.672.6728, Ext. 5311 | Tel: 519.746.1010
Cell: 519.588.9192 | www.kindredcu.com
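
Added example (not from the original post or the Tomcat project): a Python audit of a Tomcat server.xml that reports, for each JNDIRealm, the effective useDelegatedCredential and spnegoDelegationQop values, including the defaults that apply when neither attribute is set, which is the situation the post describes. The sample XML, hostnames and DNs are constructed, and the set of failing QoP values is this post's own observation for its environment, not a general rule.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
# Documented JNDIRealm defaults when the attribute is absent from server.xml.
DEFAULTS = {"useDelegatedCredential": "true", "spnegoDelegationQop": "auth-conf"}
# QoP values the post reports as failing against its domain controllers.
REPORTED_FAILING_QOP = {"auth-conf", "auth-int"}

# Constructed sample configuration (hostnames and DNs are placeholders).
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://dc1.example.test:636"
           userBase="ou=people,dc=example,dc=test" userSearch="(sAMAccountName={0})"/>
  </Realm>
  <Host name="localhost"><Context path="/app">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://dc1.example.test:636"
           connectionName="cn=tomcat-svc,ou=svc,dc=example,dc=test"
           connectionPassword="placeholder" useDelegatedCredential="false"/>
  </Context></Host>
</Engine></Service></Server>
"""

def audit_jndi_realms(server_xml):
    """Return one finding per JNDIRealm with its effective delegation settings."""
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):  # includes nested realms
        if realm.get("className") != JNDI_REALM:
            continue
        eff = {k: realm.get(k, v) for k, v in DEFAULTS.items()}
        delegated = eff["useDelegatedCredential"].lower() == "true"
        qop = eff["spnegoDelegationQop"]
        findings.append({
            "url": realm.get("connectionURL"),
            "delegated": delegated,
            "qop": qop,
            "qop_explicit": "spnegoDelegationQop" in realm.attrib,
            # QoP only applies when the user's delegated credential is used.
            "matches_report": delegated and qop in REPORTED_FAILING_QOP,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_jndi_realms(SAMPLE_SERVER_XML):
        print(finding)
```

A realm flagged with matches_report and qop_explicit false is running on the implicit auth-conf default, so an upgrade across 9.0.30 to 9.0.31 changes its behaviour without any change to server.xml.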




An unrecoverable stack overflow has occurred.

2007-06-29 Thread Tim Miller

I get the following error periodically which causes my Tomcat service to
stop.  There do not seem to be any exceptions listed in my log files, only
the "An unrecoverable stack overflow has occurred." error listed in the
jakarta_service_mmdd.log file.

I am running Tomcat 5.5.23 on a Windows 2000 machine as a service.  I used
the service.bat file included with the Tomcat downloads to create this
service.
 
I have tried a few things that I dug up while researching this error. 
The first time it happened, I increased the values for --JvmMs 128 --JvmMx
256 to --JvmMs 256 --JvmMx 512.  It didn't take right away, but the next day,
after one crash, the error stopped.
 
The next time it happened, I found that there may be an issue with Tomcat
5.5 15+ where JSP files are cached - the solution, which worked immediately,
was to add this to the options:
-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
 
The third time, I found that there were a lot of bug fixes since the version
I was using to the current ( 5.5.20 - 5.5.23 ).  After installing 23, it
was fine.
 
This time, I was asked to increase the session timeout, so I updated the
web.xml files and restarted the service - it started failing immediately
afterward.

I haven't the slightest idea what could be going on.  I have tried using
JProfiler and modifying code in an attempt to reduce memory usage, but I
don't think that had any effect.

I don't have any problems when running/testing the application locally
through Eclipse.. This only occurs on the 'prod' server.

Please help, my users are not pleased.
Thanks
Tim Miller. 
 




Re: An unrecoverable stack overflow has occurred.

2007-06-29 Thread Tim Miller


I gave that a shot, it didn't seem to matter.  After a couple of minutes of
normal flow through the app, it crashed again.

I did find the following info that I wasn't previously aware of.  Every time
it crashes, this file is produced in the system32 dir: 
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_STACK_OVERFLOW (0xc0fd) at pc=0x080ad956, pid=1800,
tid=1876
#
# Java VM: Java HotSpot(TM) Server VM (1.4.2_13-b06 mixed mode)
# Problematic frame:
# V  [jvm.dll+0xad956]
#

---  T H R E A D  ---

Current thread (0x00655068):  JavaThread CompilerThread0 daemon
[_thread_in_native, id=1876]

siginfo: ExceptionCode=0xc0fd, ExceptionInformation=0x0001
0x545c0ffc 


Stack: [0x545c,0x5460),  sp=0x545c1000,  free space=4k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native
code)
V  [jvm.dll+0xad956]


I am researching this at the moment, does it ring any bells with you?
Thanks,
Tim.


mgainty wrote:
 
 Tim--
 what happens when you double the JAVA_OPTS ThreadStackSize
 from
 -XX:ThreadStackSize=512
 to
 -XX:ThreadStackSize=1024
 http://java.sun.com/javase/technologies/hotspot/vmoptions.jsp
 
 Anyone else?
 M--