Could you enable debug logging in WSS4J? It may shed some light on the root exception. Add log4j to the pom and change the rootLogger from WARN to DEBUG in src/test/resource/log4j.properties.
Could you try with a more recent version of JDK 1.6 such as 1.6.0_31? Colm. On Wed, Apr 25, 2012 at 4:49 PM, Henk-Jan <[email protected]> wrote: > Thanks for your answer Freeman > > I already tried the examples you mentioned before but couldn't get them to > work. However, as they seemed to address the problem I was facing I gave > them another try, to no avail. > > Until yesterday, after I installed java 7 (java version "1.7.0_03") suddenly > everything was working fine. But as we're deploying our services to WAS > which uses java 6 this is no acceptable solution. > > Maybe someone can help me to get the examples working under java 6 ? Or > point me to some possible working alternatives? > > I also stumbled upon the following bug, but I don't think it applies to my > problem: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379 > > My configuration: > > Source: https://svn.apache.org/repos/asf/cxf/trunk/ > Redhat Linux server : narvi.sfb > SPN (*): HTTP/_kerbisspoc-service.melkweg.tld > KDC server: corx01.melkweg.tld > > (*): both the client & the server use the same SPN > > Content of /etc/krb5.conf: > > [libdefaults] > default_realm = MELKWEG.TLD > > [realms] > MELKWEG.TLD = { > kdc = corx01.melkweg.tld > } > > [domain_realm] > .sfb = MELKWEG.TLD > > Content of Login.jaas: > > client { > com.sun.security.auth.module.Krb5LoginModule required > refreshKrb5Config=true > useKeyTab=true > debug=true > keyTab="/etc/_kerbisspoc.keytab" > principal="HTTP/_kerbisspoc-service.melkweg.tld@"; > }; > > server { > com.sun.security.auth.module.Krb5LoginModule required > debug=true > refreshKrb5Config=true > useKeyTab=true > storeKey=true > keyTab="/etc/_kerbisspoc.keytab" > principal="HTTP/[email protected]"; > }; > > Context of client.xml (relevant part): > > <bean id="kerberosValidator" > class="org.apache.ws.security.validate.KerberosTokenValidator"> > <property name="contextName" value="server"/> > <property name="serviceName" > value="HTTP/_kerbisspoc-service.melkweg.tld@"/> > </bean> > > Context of server.xml (relevant part): > > <jaxws:client > name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"; > createdFromAPI="true"> > <jaxws:properties> > <entry key="ws-security.encryption.properties" > > value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> > <entry key="ws-security.encryption.username" value="bob"/> > <entry key="ws-security.kerberos.client"> > <bean > class="org.apache.cxf.ws.security.kerberos.KerberosClient"> > <constructor-arg ref="cxf"/> > <property name="contextName" value="client"/> > <property name="serviceName" > value="HTTP/_kerbisspoc-service.melkweg.tld@"/> > </bean> > </entry> > </jaxws:properties> > </jaxws:client> > > > Command line for the test: > > mvn test -Pnochecks -Dsun.security.krb5.debug=true -Dtest=KerberosTokenTest > -Djava.security.auth.login.config=src/test/resources/kerberos.jaas > > Output using version "1.6.0_25": > > ------------------------------------------------------- > T E S T S > ------------------------------------------------------- > > Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest > In testKerberosOverSymmetric. > Unrestricted policies installed > Debug is true storeKey false useTicketCache false useKeyTab true > doNotPrompt false ticketCache is null isInitiator true KeyTab is > /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is > HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is > false storePass is false clearPass is false > Refreshing Kerberos configuration > Config name: /etc/krb5.conf >>>> KdcAccessibility: reset >>>> KeyTabInputStream, readName(): MELKWEG.TLD >>>> KeyTabInputStream, readName(): HTTP >>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>>> KeyTab: load() entry length: 83; type: 23 > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 3 1 23 16 17 18. > principal's key obtained from the keytab > Acquire TGT using AS Exchange > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 3 1 23 16 17 18. >>>> KrbAsReq calling createMessage >>>> KrbAsReq in createMessage >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=166 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=166 >>>> KrbKdcReq send: #bytes read=631 >>>> KrbKdcReq send: #bytes read=631 >>>> KdcAccessibility: remove corx01.melkweg.tld >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld > principal is HTTP/[email protected] > EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1 > C7 75 22 6B CF 95 B5 E9 .....9...u"k.... > > Commit Succeeded > > Found ticket for HTTP/[email protected] to go to > krbtgt/[email protected] expiring on Thu Apr 26 03:30:36 CEST 2012 > Entered Krb5Context.initSecContext with state=STATE_NEW > Found ticket for HTTP/[email protected] to go to > krbtgt/[email protected] expiring on Thu Apr 26 03:30:36 CEST 2012 > Service ticket not found in the subject >>>> Credentials acquireServiceCreds: same realm > Using builtin default etypes for default_tgs_enctypes > default etypes for default_tgs_enctypes: 3 1 23 16 17 18. >>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=665 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=665 >>>> KrbKdcReq send: #bytes read=627 >>>> KrbKdcReq send: #bytes read=627 >>>> KdcAccessibility: remove corx01.melkweg.tld >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType > Krb5Context setting mySeqNumber to: 19043227 > Krb5Context setting peerSeqNumber to: 0 > Created InitSecContextToken: > 0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0......... > 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ > 0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#....... > 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20 > 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP > 0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65 .._kerbtompoc-se > 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl > 0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0........... > 0080: 02 A2 81 C8 04 81 C5 4D 9E 3F A3 AD 9D AC 7A 13 .......M.?....z. > 0090: 7A FB F5 A5 0A 0A 3C E0 27 53 B3 78 FA 21 7F 30 z.....<.'S.x.!.0 > 00A0: 38 6D 20 95 B3 27 DA 77 31 00 3D CE 98 36 EA 58 8m ..'.w1.=..6.X > 00B0: 39 60 85 44 4C 3B 81 AA CE EB 2D D6 6B 94 8A 1B 9`.DL;....-.k... > 00C0: C3 54 92 A1 18 E0 41 75 2B 78 CE 43 FF 04 5E 64 .T....Au+x.C..^d > 00D0: 22 90 AA EC C1 20 62 D9 9F E2 9F 96 BD FB BF 31 ".... b........1 > 00E0: 37 E3 C5 74 43 E4 F8 44 C1 84 24 51 4F A1 76 10 7..tC..D..$QO.v. > 00F0: 70 5E 96 F9 E4 1B D2 28 9D B8 B6 82 CC 7A FA 59 p^.....(.....z.Y > 0100: 07 96 0A 1D A7 01 32 09 DA C7 D5 BE AC DE 1A A0 ......2......... > 0110: 49 A5 46 3E B6 C2 F1 8C 39 41 7C C4 AA 32 AA 2A I.F>....9A...2.* > 0120: 68 7B 66 0A EF 82 E3 93 A3 0E B0 83 6C 0A 2F 09 h.f.........l./. > 0130: 6E D8 59 93 E7 2B 5A 7C C1 88 C7 D8 1E 27 E4 C2 n.Y..+Z......'.. > 0140: 61 D9 0A 54 B6 03 9D 85 9A 15 54 55 A4 81 D6 30 a..T......TU...0 > 0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 4E AA 1D .............N.. > 0160: 9A 0F 00 61 07 0C FB E7 CE A1 2F 33 D3 74 25 CC ...a....../3.t%. > 0170: 5F 67 E8 89 2A 3A B4 66 71 BB A0 0F F0 E5 83 2A _g..*:.fq......* > 0180: E3 DD 83 0D DE 16 44 C7 A2 6A 76 01 AD 25 04 B8 ......D..jv..%.. > 0190: D3 25 A0 AF 70 C0 DA BB F8 36 A5 F9 9F DA 92 BF .%..p....6...... > 01A0: D1 27 96 C7 52 3B 13 B7 8F 32 C9 BA 64 E6 0C C2 .'..R;...2..d... > 01B0: 2D 60 55 5D 7C 92 7E D7 B9 A6 8B 5C FD 2E FF D6 -`U].......\.... > 01C0: EA 64 C0 2B 42 3D 09 71 85 BD 65 DE 61 AD 6A 3B .d.+B=.q..e.a.j; > 01D0: F9 1A F6 B2 DD E1 7A 40 98 F1 86 6C CD B9 E2 5B [email protected]...[ > 01E0: D6 F2 A5 E8 4E 15 4B 65 0E 38 3F 8C A9 8C FC 97 ....N.Ke.8?..... > 01F0: 93 0A 51 70 6F B4 6E CF E1 67 96 95 B1 08 E6 23 ..Qpo.n..g.....# > 0200: BF E9 1B FB 81 18 3B 10 5D 3C 1F 80 55 3A 8E AE ......;.]<..U:.. > 0210: EE 5A 70 0A 3A 18 0A 9A 78 83 D5 1B 4D 9F F7 AA .Zp.:...x...M... > 0220: D2 3A 8B 55 B6 .:.U. > > Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt > false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab > refreshKrb5Config is true principal is > HTTP/[email protected] tryFirstPass is false > useFirstPass is false storePass is false clearPass is false > Refreshing Kerberos configuration > Config name: /etc/krb5.conf > Refreshing Keytab >>>> KdcAccessibility: reset >>>> KeyTabInputStream, readName(): MELKWEG.TLD >>>> KeyTabInputStream, readName(): HTTP >>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>>> KeyTab: load() entry length: 83; type: 23 > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 3 1 23 16 17 18. > principal's key obtained from the keytab > Acquire TGT using AS Exchange > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 3 1 23 16 17 18. >>>> KrbAsReq calling createMessage >>>> KrbAsReq in createMessage >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=166 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=166 >>>> KrbKdcReq send: #bytes read=631 >>>> KrbKdcReq send: #bytes read=631 >>>> KdcAccessibility: remove corx01.melkweg.tld >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld > principal is HTTP/[email protected] > EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1 > C7 75 22 6B CF 95 B5 E9 .....9...u"k.... > > Added server's keyKerberos Principal > HTTP/[email protected] Version 4key > EncryptionKey: keyType=23 keyBytes (hex dump)= > 0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k.... > > [Krb5LoginModule] added Krb5Principal > HTTP/[email protected] to Subject > Commit Succeeded > > Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed: 11.529 sec > <<< FAILURE! > testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest) > Time elapsed: 4.094 sec <<< ERROR! > javax.xml.ws.soap.SOAPFaultException: General security error (An error > occurred in trying to validate a ticket) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) > at $Proxy42.doubleIt(Unknown Source) > at > org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverSymmetric(KerberosTokenTest.java:131) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20) > at > org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31) > at > org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49) > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) > at > org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28) > at > org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31) > at org.junit.runners.ParentRunner.run(ParentRunner.java:236) > at > org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:236) > at > org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:134) > at > org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:113) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189) > at > org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165) > at > org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85) > at > org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:103) > at > org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:74) > Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (An > error occurred in trying to validate a ticket) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1656) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1521) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1429) > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) > at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659) > at > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) > ... 34 more > > Results : > > Tests in error: > > testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest): > General security error (An error occurred in trying to validate a ticket) > > Tests run: 12, Failures: 0, Errors: 1, Skipped: 11 > > Output using version "1.7.0_3": > > ------------------------------------------------------- > T E S T S > ------------------------------------------------------- > Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest > In testKerberosOverSymmetric. > Unrestricted policies installed > Debug is true storeKey false useTicketCache false useKeyTab true > doNotPrompt false ticketCache is null isInitiator true KeyTab is > /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is > HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is > false storePass is false clearPass is false > Refreshing Kerberos configuration > Config name: /etc/krb5.conf >>>> KdcAccessibility: reset >>>> KdcAccessibility: reset >>>> KeyTabInputStream, readName(): MELKWEG.TLD >>>> KeyTabInputStream, readName(): HTTP >>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld >>>> KeyTab: load() entry length: 83; type: 23 > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>>> KrbAsReq creating message >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=166 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=166 >>>> KrbKdcReq send: #bytes read=631 >>>> KdcAccessibility: remove corx01.melkweg.tld > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld > principal is HTTP/[email protected] > Will use keytab > Commit Succeeded > > Found ticket for HTTP/[email protected] to go to > krbtgt/[email protected] expiring on Thu Apr 26 03:33:58 CEST 2012 > Entered Krb5Context.initSecContext with state=STATE_NEW > Found ticket for HTTP/[email protected] to go to > krbtgt/[email protected] expiring on Thu Apr 26 03:33:58 CEST 2012 > Service ticket not found in the subject >>>> Credentials acquireServiceCreds: same realm > Using builtin default etypes for default_tgs_enctypes > default etypes for default_tgs_enctypes: 18 17 16 23 1 3. >>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=665 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=665 >>>> KrbKdcReq send: #bytes read=643 >>>> KdcAccessibility: remove corx01.melkweg.tld >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType > Krb5Context setting mySeqNumber to: 87301791 > Krb5Context setting peerSeqNumber to: 0 > Created InitSecContextToken: > > 0000: 01 00 6E 82 02 2B 30 82 02 27 A0 03 02 01 05 A1 ..n..+0..'...... > 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ > 0020: 33 61 82 01 2F 30 82 01 2B A0 03 02 01 05 A1 0D 3a../0..+....... > 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20 > 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP > 0050: 1B 1F 5F 6B 65 72 62 69 73 73 70 6F 63 2D 73 65 .._kerbisspoc-se > 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl > 0070: 64 A3 81 E0 30 81 DD A0 03 02 01 17 A1 03 02 01 d...0........... > 0080: 04 A2 81 D0 04 81 CD BB FE 9C 11 EC DB 48 8D 5E .............H.^ > 0090: D5 C7 B8 C8 A9 6F 42 E3 09 F1 C5 33 C7 A6 5C B5 .....oB....3..\. > 00A0: EE B8 E5 6C 8E EC 5C BB 15 07 17 1E 10 BC D2 78 ...l..\........x > 00B0: 5E 06 6F FC 7E D7 54 9A 7C DD CC 55 90 98 F1 BF ^.o...T....U.... > 00C0: 45 BD 98 31 44 0F 6E F9 E6 99 8E FD 2C C8 DA E5 E..1D.n.....,... > 00D0: 92 2D A0 3D 9A 87 EC BD 44 CC 7C 72 ED B7 21 58 .-.=....D..r..!X > 00E0: 66 2D A4 36 A0 F9 4E 0E D4 7B 69 4B 2E 12 5B A4 f-.6..N...iK..[. > 00F0: 77 B0 10 8E B4 6F 4A 9E D1 89 BC 7C 53 E5 17 60 w....oJ.....S..` > 0100: 0B FB 7F 25 7C 56 E3 39 83 1C 97 38 85 ED C8 6A ...%.V.9...8...j > 0110: C4 88 13 1D 48 4F 48 07 76 60 4D B7 CD 43 B1 A0 ....HOH.v`M..C.. > 0120: B8 BB 8D F5 C6 14 CF 8D 41 30 4E BC A4 C3 99 D1 ........A0N..... > 0130: E7 FE F6 42 9D 44 1F 39 E7 37 B6 04 BD FF ED 37 ...B.D.9.7.....7 > 0140: CD C1 6A 79 B4 6C 2B 65 09 22 E1 2C 5B A8 21 76 ..jy.l+e.".,[.!v > 0150: D5 91 AB 7D A4 81 DA 30 81 D7 A0 03 02 01 17 A2 .......0........ > 0160: 81 CF 04 81 CC B7 75 8C 38 22 08 CE BE C4 B8 9C ......u.8"...... > 0170: 85 19 DC F9 8F 64 33 A2 9D 9A 8C C6 7A 72 DA 2E .....d3.....zr.. > 0180: 77 BC 6C D6 09 08 E9 4A D6 CC C5 6B 95 89 3D 63 w.l....J...k..=c > 0190: E0 B9 B1 A0 8F 70 B8 41 01 80 F4 C9 34 16 36 D1 .....p.A....4.6. > 01A0: 34 55 91 14 4D DE BF 7A 54 D3 7C 39 A2 02 59 A8 4U..M..zT..9..Y. > 01B0: 1B 40 70 FC D3 86 E7 62 92 4B 42 75 4F 92 8A 1C [email protected]... > 01C0: B4 2F 09 77 F4 27 86 72 37 54 29 99 59 88 3E 42 ./.w.'.r7T).Y.>B > 01D0: 00 EB 73 74 44 AA 9B 28 F7 7E 58 00 8F D9 06 ED ..stD..(..X..... > 01E0: 59 52 3C EF B9 A9 45 B4 97 BC CC D4 1F 4F D7 45 YR<...E......O.E > 01F0: 66 58 A3 31 34 A4 63 C0 E9 19 5D 80 71 37 34 33 fX.14.c...].q743 > 0200: 5E 2D 45 77 53 BF 6A 1F 21 41 0A 4B C6 DF 60 54 ^-EwS.j.!A.K..`T > 0210: D4 EE C4 A1 55 48 6B AF 0C BD 52 46 8B C4 C9 FB ....UHk...RF.... > 0220: 75 76 5F 99 D6 26 26 DC 5B 10 E9 18 88 E2 9B 57 uv_..&&.[......W > 0230: 07 . > > Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt > false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab > refreshKrb5Config is true principal is > HTTP/[email protected] tryFirstPass is false > useFirstPass is false storePass is false clearPass is false > Refreshing Kerberos configuration > Config name: /etc/krb5.conf >>>> KdcAccessibility: reset > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>>> KrbAsReq creating message >>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of >>>> retries =3, #bytes=166 >>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt >>>> =1, #bytes=166 >>>> KrbKdcReq send: #bytes read=631 >>>> KdcAccessibility: remove corx01.melkweg.tld > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld > principal is HTTP/[email protected] > Will use keytab > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. > Commit Succeeded > > Found KeyTab > Found KerberosKey for HTTP/[email protected] > Entered Krb5Context.acceptSecContext with state=STATE_NEW > Added key: 23version: 4 > Ordering keys wrt default_tkt_enctypes list > Using builtin default etypes for default_tkt_enctypes > default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType > Using builtin default etypes for permitted_enctypes > default etypes for permitted_enctypes: 18 17 16 23 1 3. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType > replay cache for HTTP/[email protected] is null. > object 0: 1335368038927/927468 > object 0: 1335368038927/927468 >>>> KrbApReq: authenticate succeed. > Krb5Context setting peerSeqNumber to: 87301791 > Krb5Context setting mySeqNumber to: 87301791 > Tests run: 12, Failures: 0, Errors: 0, Skipped: 11, Time elapsed: 7.707 sec > > Results : > > Tests run: 12, Failures: 0, Errors: 0, Skipped: 11 > > So, does anybody know if this is my own fault, or if it is caused by a bug > in java? > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665237.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
