Thanks for your answer Freeman I already tried the examples you mentioned before but couldn't get them to work. However, as they seemed to address the problem I was facing I gave them another try, to no avail.
Until yesterday, after I installed java 7 (java version "1.7.0_03") suddenly everything was working fine. But as we're deploying our services to WAS which uses java 6 this is no acceptable solution. Maybe someone can help me to get the examples working under java 6 ? Or point me to some possible working alternatives? I also stumbled upon the following bug, but I don't think it applies to my problem: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379 My configuration: Source: https://svn.apache.org/repos/asf/cxf/trunk/ Redhat Linux server : narvi.sfb SPN (*): HTTP/_kerbisspoc-service.melkweg.tld KDC server: corx01.melkweg.tld (*): both the client & the server use the same SPN Content of /etc/krb5.conf: [libdefaults] default_realm = MELKWEG.TLD [realms] MELKWEG.TLD = { kdc = corx01.melkweg.tld } [domain_realm] .sfb = MELKWEG.TLD Content of Login.jaas: client { com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true debug=true keyTab="/etc/_kerbisspoc.keytab" principal="HTTP/_kerbisspoc-service.melkweg.tld@"; }; server { com.sun.security.auth.module.Krb5LoginModule required debug=true refreshKrb5Config=true useKeyTab=true storeKey=true keyTab="/etc/_kerbisspoc.keytab" principal="HTTP/[email protected]"; }; Context of client.xml (relevant part): <bean id="kerberosValidator" class="org.apache.ws.security.validate.KerberosTokenValidator"> <property name="contextName" value="server"/> <property name="serviceName" value="HTTP/_kerbisspoc-service.melkweg.tld@"/> </bean> Context of server.xml (relevant part): <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"; createdFromAPI="true"> <jaxws:properties> <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> <entry key="ws-security.encryption.username" value="bob"/> <entry key="ws-security.kerberos.client"> <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient"> <constructor-arg ref="cxf"/> <property name="contextName" value="client"/> <property name="serviceName" value="HTTP/_kerbisspoc-service.melkweg.tld@"/> </bean> </entry> </jaxws:properties> </jaxws:client> Command line for the test: mvn test -Pnochecks -Dsun.security.krb5.debug=true -Dtest=KerberosTokenTest -Djava.security.auth.login.config=src/test/resources/kerberos.jaas Output using version "1.6.0_25": ------------------------------------------------------- T E S T S ------------------------------------------------------- Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest In testKerberosOverSymmetric. Unrestricted policies installed Debug is true storeKey false useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Config name: /etc/krb5.conf >>> KdcAccessibility: reset >>> KeyTabInputStream, readName(): MELKWEG.TLD >>> KeyTabInputStream, readName(): HTTP >>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>> KeyTab: load() entry length: 83; type: 23 Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17 18. principal's key obtained from the keytab Acquire TGT using AS Exchange Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17 18. >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=166 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=166 >>> KrbKdcReq send: #bytes read=631 >>> KrbKdcReq send: #bytes read=631 >>> KdcAccessibility: remove corx01.melkweg.tld >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld principal is HTTP/[email protected] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k.... Commit Succeeded Found ticket for HTTP/[email protected] to go to krbtgt/[email protected] expiring on Thu Apr 26 03:30:36 CEST 2012 Entered Krb5Context.initSecContext with state=STATE_NEW Found ticket for HTTP/[email protected] to go to krbtgt/[email protected] expiring on Thu Apr 26 03:30:36 CEST 2012 Service ticket not found in the subject >>> Credentials acquireServiceCreds: same realm Using builtin default etypes for default_tgs_enctypes default etypes for default_tgs_enctypes: 3 1 23 16 17 18. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=665 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=665 >>> KrbKdcReq send: #bytes read=627 >>> KrbKdcReq send: #bytes read=627 >>> KdcAccessibility: remove corx01.melkweg.tld >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType Krb5Context setting mySeqNumber to: 19043227 Krb5Context setting peerSeqNumber to: 0 Created InitSecContextToken: 0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0......... 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ 0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#....... 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP 0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65 .._kerbtompoc-se 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl 0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0........... 0080: 02 A2 81 C8 04 81 C5 4D 9E 3F A3 AD 9D AC 7A 13 .......M.?....z. 0090: 7A FB F5 A5 0A 0A 3C E0 27 53 B3 78 FA 21 7F 30 z.....<.'S.x.!.0 00A0: 38 6D 20 95 B3 27 DA 77 31 00 3D CE 98 36 EA 58 8m ..'.w1.=..6.X 00B0: 39 60 85 44 4C 3B 81 AA CE EB 2D D6 6B 94 8A 1B 9`.DL;....-.k... 00C0: C3 54 92 A1 18 E0 41 75 2B 78 CE 43 FF 04 5E 64 .T....Au+x.C..^d 00D0: 22 90 AA EC C1 20 62 D9 9F E2 9F 96 BD FB BF 31 ".... b........1 00E0: 37 E3 C5 74 43 E4 F8 44 C1 84 24 51 4F A1 76 10 7..tC..D..$QO.v. 00F0: 70 5E 96 F9 E4 1B D2 28 9D B8 B6 82 CC 7A FA 59 p^.....(.....z.Y 0100: 07 96 0A 1D A7 01 32 09 DA C7 D5 BE AC DE 1A A0 ......2......... 0110: 49 A5 46 3E B6 C2 F1 8C 39 41 7C C4 AA 32 AA 2A I.F>....9A...2.* 0120: 68 7B 66 0A EF 82 E3 93 A3 0E B0 83 6C 0A 2F 09 h.f.........l./. 0130: 6E D8 59 93 E7 2B 5A 7C C1 88 C7 D8 1E 27 E4 C2 n.Y..+Z......'.. 0140: 61 D9 0A 54 B6 03 9D 85 9A 15 54 55 A4 81 D6 30 a..T......TU...0 0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 4E AA 1D .............N.. 0160: 9A 0F 00 61 07 0C FB E7 CE A1 2F 33 D3 74 25 CC ...a....../3.t%. 0170: 5F 67 E8 89 2A 3A B4 66 71 BB A0 0F F0 E5 83 2A _g..*:.fq......* 0180: E3 DD 83 0D DE 16 44 C7 A2 6A 76 01 AD 25 04 B8 ......D..jv..%.. 0190: D3 25 A0 AF 70 C0 DA BB F8 36 A5 F9 9F DA 92 BF .%..p....6...... 01A0: D1 27 96 C7 52 3B 13 B7 8F 32 C9 BA 64 E6 0C C2 .'..R;...2..d... 01B0: 2D 60 55 5D 7C 92 7E D7 B9 A6 8B 5C FD 2E FF D6 -`U].......\.... 01C0: EA 64 C0 2B 42 3D 09 71 85 BD 65 DE 61 AD 6A 3B .d.+B=.q..e.a.j; 01D0: F9 1A F6 B2 DD E1 7A 40 98 F1 86 6C CD B9 E2 5B [email protected]...[ 01E0: D6 F2 A5 E8 4E 15 4B 65 0E 38 3F 8C A9 8C FC 97 ....N.Ke.8?..... 01F0: 93 0A 51 70 6F B4 6E CF E1 67 96 95 B1 08 E6 23 ..Qpo.n..g.....# 0200: BF E9 1B FB 81 18 3B 10 5D 3C 1F 80 55 3A 8E AE ......;.]<..U:.. 0210: EE 5A 70 0A 3A 18 0A 9A 78 83 D5 1B 4D 9F F7 AA .Zp.:...x...M... 0220: D2 3A 8B 55 B6 .:.U. Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Config name: /etc/krb5.conf Refreshing Keytab >>> KdcAccessibility: reset >>> KeyTabInputStream, readName(): MELKWEG.TLD >>> KeyTabInputStream, readName(): HTTP >>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>> KeyTab: load() entry length: 83; type: 23 Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17 18. principal's key obtained from the keytab Acquire TGT using AS Exchange Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17 18. >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=166 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=166 >>> KrbKdcReq send: #bytes read=631 >>> KrbKdcReq send: #bytes read=631 >>> KdcAccessibility: remove corx01.melkweg.tld >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld principal is HTTP/[email protected] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k.... Added server's keyKerberos Principal HTTP/[email protected] Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)= 0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k.... [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject Commit Succeeded Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed: 11.529 sec <<< FAILURE! testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest) Time elapsed: 4.094 sec <<< ERROR! javax.xml.ws.soap.SOAPFaultException: General security error (An error occurred in trying to validate a ticket) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) at $Proxy42.doubleIt(Unknown Source) at org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverSymmetric(KerberosTokenTest.java:131) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31) at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31) at org.junit.runners.ParentRunner.run(ParentRunner.java:236) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:236) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:134) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:113) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189) at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165) at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:103) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:74) Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (An error occurred in trying to validate a ticket) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1656) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1521) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1429) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 34 more Results : Tests in error: testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest): General security error (An error occurred in trying to validate a ticket) Tests run: 12, Failures: 0, Errors: 1, Skipped: 11 Output using version "1.7.0_3": ------------------------------------------------------- T E S T S ------------------------------------------------------- Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest In testKerberosOverSymmetric. Unrestricted policies installed Debug is true storeKey false useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Config name: /etc/krb5.conf >>> KdcAccessibility: reset >>> KdcAccessibility: reset >>> KeyTabInputStream, readName(): MELKWEG.TLD >>> KeyTabInputStream, readName(): HTTP >>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>> KeyTab: load() entry length: 83; type: 23 Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> KrbAsReq creating message >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=166 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=166 >>> KrbKdcReq send: #bytes read=631 >>> KdcAccessibility: remove corx01.melkweg.tld Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld principal is HTTP/[email protected] Will use keytab Commit Succeeded Found ticket for HTTP/[email protected] to go to krbtgt/[email protected] expiring on Thu Apr 26 03:33:58 CEST 2012 Entered Krb5Context.initSecContext with state=STATE_NEW Found ticket for HTTP/[email protected] to go to krbtgt/[email protected] expiring on Thu Apr 26 03:33:58 CEST 2012 Service ticket not found in the subject >>> Credentials acquireServiceCreds: same realm Using builtin default etypes for default_tgs_enctypes default etypes for default_tgs_enctypes: 18 17 16 23 1 3. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=665 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=665 >>> KrbKdcReq send: #bytes read=643 >>> KdcAccessibility: remove corx01.melkweg.tld >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Krb5Context setting mySeqNumber to: 87301791 Krb5Context setting peerSeqNumber to: 0 Created InitSecContextToken: 0000: 01 00 6E 82 02 2B 30 82 02 27 A0 03 02 01 05 A1 ..n..+0..'...... 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ 0020: 33 61 82 01 2F 30 82 01 2B A0 03 02 01 05 A1 0D 3a../0..+....... 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP 0050: 1B 1F 5F 6B 65 72 62 69 73 73 70 6F 63 2D 73 65 .._kerbisspoc-se 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl 0070: 64 A3 81 E0 30 81 DD A0 03 02 01 17 A1 03 02 01 d...0........... 0080: 04 A2 81 D0 04 81 CD BB FE 9C 11 EC DB 48 8D 5E .............H.^ 0090: D5 C7 B8 C8 A9 6F 42 E3 09 F1 C5 33 C7 A6 5C B5 .....oB....3..\. 00A0: EE B8 E5 6C 8E EC 5C BB 15 07 17 1E 10 BC D2 78 ...l..\........x 00B0: 5E 06 6F FC 7E D7 54 9A 7C DD CC 55 90 98 F1 BF ^.o...T....U.... 00C0: 45 BD 98 31 44 0F 6E F9 E6 99 8E FD 2C C8 DA E5 E..1D.n.....,... 00D0: 92 2D A0 3D 9A 87 EC BD 44 CC 7C 72 ED B7 21 58 .-.=....D..r..!X 00E0: 66 2D A4 36 A0 F9 4E 0E D4 7B 69 4B 2E 12 5B A4 f-.6..N...iK..[. 00F0: 77 B0 10 8E B4 6F 4A 9E D1 89 BC 7C 53 E5 17 60 w....oJ.....S..` 0100: 0B FB 7F 25 7C 56 E3 39 83 1C 97 38 85 ED C8 6A ...%.V.9...8...j 0110: C4 88 13 1D 48 4F 48 07 76 60 4D B7 CD 43 B1 A0 ....HOH.v`M..C.. 0120: B8 BB 8D F5 C6 14 CF 8D 41 30 4E BC A4 C3 99 D1 ........A0N..... 0130: E7 FE F6 42 9D 44 1F 39 E7 37 B6 04 BD FF ED 37 ...B.D.9.7.....7 0140: CD C1 6A 79 B4 6C 2B 65 09 22 E1 2C 5B A8 21 76 ..jy.l+e.".,[.!v 0150: D5 91 AB 7D A4 81 DA 30 81 D7 A0 03 02 01 17 A2 .......0........ 0160: 81 CF 04 81 CC B7 75 8C 38 22 08 CE BE C4 B8 9C ......u.8"...... 0170: 85 19 DC F9 8F 64 33 A2 9D 9A 8C C6 7A 72 DA 2E .....d3.....zr.. 0180: 77 BC 6C D6 09 08 E9 4A D6 CC C5 6B 95 89 3D 63 w.l....J...k..=c 0190: E0 B9 B1 A0 8F 70 B8 41 01 80 F4 C9 34 16 36 D1 .....p.A....4.6. 01A0: 34 55 91 14 4D DE BF 7A 54 D3 7C 39 A2 02 59 A8 4U..M..zT..9..Y. 01B0: 1B 40 70 FC D3 86 E7 62 92 4B 42 75 4F 92 8A 1C [email protected]... 01C0: B4 2F 09 77 F4 27 86 72 37 54 29 99 59 88 3E 42 ./.w.'.r7T).Y.>B 01D0: 00 EB 73 74 44 AA 9B 28 F7 7E 58 00 8F D9 06 ED ..stD..(..X..... 01E0: 59 52 3C EF B9 A9 45 B4 97 BC CC D4 1F 4F D7 45 YR<...E......O.E 01F0: 66 58 A3 31 34 A4 63 C0 E9 19 5D 80 71 37 34 33 fX.14.c...].q743 0200: 5E 2D 45 77 53 BF 6A 1F 21 41 0A 4B C6 DF 60 54 ^-EwS.j.!A.K..`T 0210: D4 EE C4 A1 55 48 6B AF 0C BD 52 46 8B C4 C9 FB ....UHk...RF.... 0220: 75 76 5F 99 D6 26 26 DC 5B 10 E9 18 88 E2 9B 57 uv_..&&.[......W 0230: 07 . Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Config name: /etc/krb5.conf >>> KdcAccessibility: reset Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> KrbAsReq creating message >>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>> retries =3, #bytes=166 >>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>> =1, #bytes=166 >>> KrbKdcReq send: #bytes read=631 >>> KdcAccessibility: remove corx01.melkweg.tld Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld principal is HTTP/[email protected] Will use keytab Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. Commit Succeeded Found KeyTab Found KerberosKey for HTTP/[email protected] Entered Krb5Context.acceptSecContext with state=STATE_NEW Added key: 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 18 17 16 23 1 3. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType replay cache for HTTP/[email protected] is null. object 0: 1335368038927/927468 object 0: 1335368038927/927468 >>> KrbApReq: authenticate succeed. Krb5Context setting peerSeqNumber to: 87301791 Krb5Context setting mySeqNumber to: 87301791 Tests run: 12, Failures: 0, Errors: 0, Skipped: 11, Time elapsed: 7.707 sec Results : Tests run: 12, Failures: 0, Errors: 0, Skipped: 11 So, does anybody know if this is my own fault, or if it is caused by a bug in java? -- View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665237.html Sent from the cxf-user mailing list archive at Nabble.com.
