Hi Team,
I come across application where Kerboros authentication is being used. It is
confirmed with the error message "Kerberos Authentication Error" in the
replay corresponding to the url. Please find below configuration which has
been done so far.
Jmeter Version - Jmeter 3.2
Error Message - Server not found in Kerberos database (7)
Any leads for the shared error message?
krb5.configuration
##############################################################################
[libdefaults]
default_realm = PC.INTERNAL.XXXX.COM
udp_preference_limit = 1
default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
kdc_timesync = 1
ccache_type = 4
forwardable = true
[realms]
PC.INTERNAL.XXXX.COM = {
kdc = PC.INTERNAL.XXXX.COM:88
default_domain = PC.INTERNAL.XXXX.COM
}
[domain_realm]
.pc.internal.XXXX.com = PC.INTERNAL.XXXX.COM
################################################################################
jaas.configuration
JMeter {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=false
useKeyTab=false
storeKey=false
debug=true;
};
################################################################################
Jmeter Test Plan
HTTP AUTHORIZATION MANAGER has been added as a child of fail sample. Please
find below configuration for the same.
BaseUrl- Empty
Username - Entered
Password - Entered
Domain - PC.INTERNAL.XXXX
Realm - PC.INTERNAL.XXXX.COM
Mechanism - KERBEROS
HTTP implementation is HTTPCLIENT4
################################################################################
System.properties
java.security.krb5.conf=krb5.conf
java.security.auth.login.config=jaas.conf
Debug config has been done to get the error message during the replay.
java.security.debug=gssloginconfig,configfile,configparser,logincontext
sun.security.krb5.debug=true
################################################################################
Jmeter.Properties
# Name of application module used in jaas.conf
kerberos_jaas_application=JMeter
################################################################################
Please find below stack trace for the same
Java config name: krb5.conf
Loaded from Java config
[Krb5LoginModule] user entered username: USERNAME
>>> KdcAccessibility: reset
default etypes for default_tkt_enctypes: 18 17.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000, number
>>> of retries =3, #bytes=168
>>> KDCCommunication: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000,Attempt
>>> =1, #bytes=168
>>>DEBUG: TCPClient reading 226 bytes
>>> KrbKdcReq send: #bytes read=226
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = PC.INTERNAL.XXXX.COMUSERNAME,
s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
>>> KdcAccessibility: remove PC.INTERNAL.XXXX.COM:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Mon Nov 27 10:30:55 IST 2017 1511758855000
suSec is 84719
error code is 25
error Message is Additional pre-authentication required
sname is krbtgt/[email protected]
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = PC.INTERNAL.XXXX.COMUSERNAME,
s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
default etypes for default_tkt_enctypes: 18 17.
default etypes for default_tkt_enctypes: 18 17.
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000, number
>>> of retries =3, #bytes=250
>>> KDCCommunication: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000,Attempt
>>> =1, #bytes=250
>>>DEBUG: TCPClient reading 4421 bytes
>>> KrbKdcReq send: #bytes read=4421
>>> KdcAccessibility: remove PC.INTERNAL.XXXX.COM:88
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsRep cons in KrbAsReq.getReply USERNAME
principal is [email protected]
Commit Succeeded
Found ticket for [email protected] to go to
krbtgt/[email protected] expiring on Mon Nov 27
20:30:55 IST 2017
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [email protected] to go to
krbtgt/[email protected] expiring on Mon Nov 27
20:30:55 IST 2017
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 18 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbKdcReq send: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000, number
>>> of retries =3, #bytes=4349
>>> KDCCommunication: kdc=PC.INTERNAL.XXXX.COM TCP:88, timeout=30000,Attempt
>>> =1, #bytes=4349
>>>DEBUG: TCPClient reading 134 bytes
>>> KrbKdcReq send: #bytes read=134
>>> KdcAccessibility: remove PC.INTERNAL.XXXX.COM:88
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
sTime is Mon Nov 27 10:30:57 IST 2017 1511758857000
suSec is 32968
error code is 7
error Message is Server not found in Kerberos database
sname is HTTP/[email protected]
msgType is 30
KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown
Source)
at
sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown
Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(Unknown
Source)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(Unknown
Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at
org.apache.http.impl.auth.GGSSchemeBase.generateGSSToken(GGSSchemeBase.java:124)
at
org.apache.http.impl.auth.SPNegoScheme.generateToken(SPNegoScheme.java:95)
at
org.apache.http.impl.auth.GGSSchemeBase.authenticate(GGSSchemeBase.java:223)
at
org.apache.http.impl.auth.SPNegoScheme.authenticate(SPNegoScheme.java:85)
at
org.apache.http.client.protocol.RequestAuthenticationBase.authenticate(RequestAuthenticationBase.java:120)
at
org.apache.http.client.protocol.RequestAuthenticationBase.process(RequestAuthenticationBase.java:83)
at
org.apache.http.client.protocol.RequestTargetAuthentication.process(RequestTargetAuthentication.java:82)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:133)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:167)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:484)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.lambda$executeRequest$3(HTTPHC4Impl.java:632)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:630)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:413)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
at
org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:519)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:493)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
at
org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:491)
at
org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:425)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:254)
at java.lang.Thread.run(Unknown Source)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
... 42 more
--
Sent from: http://www.jmeter-archive.org/JMeter-User-f512775.html
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
