Topic
3 replies Latest Post - ‏2007-04-23T16:49:12Z by SystemAdmin
SystemAdmin
SystemAdmin
2262 Posts
ACCEPTED ANSWER

Pinned topic SPNego authentication

‏2007-02-05T15:32:35Z |
Hi,
We have configured SPNego (Kerberos) authentication for SAP Portal running on AIX 5.3, IBM JDK 1.4.2 SR7. I have followed all the steps and its working fine in our test environment. I have done the same configuration in our production environment but its not working. Below is the exception in the logs.

JGSS_DBG_CTX Client time Sat Feb 03 13:09:32 GMT 2007 too skewed
org.ietf.jgss.GSSException, major code: 10, minor code: 37
major string: Defective token
minor string: Client time 03 February 2007 at 13:09:32 too skewed
at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:5)
at com.ibm.security.jgss.mech.krb5.k.a(k.java:896)
at com.ibm.security.jgss.mech.krb5.k.a(k.java:6)
at com.ibm.security.jgss.mech.krb5.k.b(k.java:231)
at com.ibm.security.jgss.mech.krb5.k.acceptSecContext(k.java:1010)
at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:30)
at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:370)

And the same is being shown in the token as well.
JGSS_DBG_MARSH 0000: 03 00 7e 82 01 12 30 82 01 0e a0 03 02 01 05 a1 ......0.........
0010: 03 02 01 1e a4 11 18 0f 32 30 30 37 30 32 30 33 ........20070203
0020: 31 33 30 34 30 35 5a a5 05 02 03 05 c8 78 a6 03 130405Z......x..
0030: 02 01 25 a9 10 1b 0e 55 4b 2e 52 57 45 55 54 49 .......UK.RWEUTI
0040: 4c 2e 4e 45 54 aa 2f 30 2d a0 03 02 01 00 a1 26 L.NET..0........
0050: 30 24 1b 04 48 54 54 50 1b 1c 61 64 63 61 70 73 0...HTTP..adcaps
0060: 61 70 31 35 2e 74 68 61 6d 65 73 77 61 74 65 72 ap15.thameswater
0070: 2e 63 6f 2e 75 6b ab 81 9f 1b 81 9c 6f 72 67 2e .co.uk......org.
0080: 69 65 74 66 2e 6a 67 73 73 2e 47 53 53 45 78 63 ietf.jgss.GSSExc
0090: 65 70 74 69 6f 6e 2c 20 6d 61 6a 6f 72 20 63 6f eption..major.co
00a0: 64 65 3a 20 31 30 2c 20 6d 69 6e 6f 72 20 63 6f de..10..minor.co
00b0: 64 65 3a 20 33 37 0a 09 6d 61 6a 6f 72 20 73 74 de..37..major.st
00c0: 72 69 6e 67 3a 20 44 65 66 65 63 74 69 76 65 20 ring..Defective.
00d0: 74 6f 6b 65 6e 0a 09 6d 69 6e 6f 72 20 73 74 72 token..minor.str
00e0: 69 6e 67 3a 20 43 6c 69 65 6e 74 20 74 69 6d 65 ing..Client.time
00f0: 20 30 33 20 46 65 62 72 75 61 72 79 20 32 30 30 .03.February.200
0100: 37 20 61 74 20 31 33 3a 30 39 3a 33 32 20 74 6f 7.at.13.09.32.to
0110: 6f 20 73 6b 65 77 65 64 o.skewed

Any help is highly appreciated.

Many Thanks,
Chandra
Updated on 2007-04-23T16:49:12Z at 2007-04-23T16:49:12Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    2262 Posts
    ACCEPTED ANSWER

    Re: SPNego authentication

    ‏2007-02-08T18:15:52Z  in response to SystemAdmin
    This is a clock skew error, which means that your client time is skewed to far from your servers time. Default time is 300 seconds. You should check your NTP settings on the machines in your environment.