Topic
  • 3 replies
  • Latest Post - ‏2013-08-28T20:16:50Z by Detelin Yordanov
diste
diste
2 Posts

Pinned topic jgss runtime difference between sun and ibm jvm

‏2010-04-30T12:54:29Z |
Hi, I am triyng to use ibm jvm. The problem is that the code I use for to get a kerberos token seems to behave different if I run it on a sun jvm or a ibm jvm.
With Sun all works well, with ibm an exception is thrown.
I don't know if there is some setting for to have same behavior as the sun one (or at least to get a kerberos token)

thanks to all!

Found IBM Virtual Machine
-------------------------LOGIN------------------------------
JGSS_DBG_CRED JAAS config: debug=true
JGSS_DBG_CRED JAAS config: credsType=initiate only (default)
JGSS_DBG_CRED config: useDefaultCcache=false
JGSS_DBG_CRED config: useCcache=null
JGSS_DBG_CRED config: useDefaultKeytab=false (default)
JGSS_DBG_CRED config: useKeytab=null
JGSS_DBG_CRED JAAS config: forwardable=false (default)
JGSS_DBG_CRED JAAS config: renewable=false (default)
JGSS_DBG_CRED JAAS config: proxiable=false (default)
JGSS_DBG_CRED JAAS config: noAddress=false (default)
JGSS_DBG_CRED JAAS config: tryFirstPass=false (default)
JGSS_DBG_CRED JAAS config: useFirstPass=false (default)
JGSS_DBG_CRED JAAS config: moduleBanner=false (default)
JGSS_DBG_CRED JAAS config: interactive login? yes
JGSS_DBG_CRED Retrieving Kerberos creds from cache for principal=null
JGSS_DBG_CRED No Kerberos creds in cache for principal myuser@MY.DOMAIN
JGSS_DBG_CRED Doing Kerberos login for principal myuser@MY.DOMAIN
JGSS_DBG_CRED Doing Kerberos login for principal: myuser@MY.DOMAIN
JGSS_DBG_CRED Kerberos login complete
JGSS_DBG_CRED Login successful
JGSS_DBG_CRED myuser@MY.DOMAIN added to Subject
JGSS_DBG_CRED Kerberos ticket for myuser@MY.DOMAIN added to Subject
JGSS_DBG_CRED No keys to add to Subject for myuser@MY.DOMAIN
-------------------------TOKEN------------------------------
Exception in thread "main" java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major code: 13, minor code: 0
major string: Invalid credentials
minor string: Cannot get credential for principal myuser@MY.DOMAIN
at java.security.AccessController.doPrivileged(AccessController.java:290)
at javax.security.auth.Subject.doAs(Subject.java:573)
at it.bz.prov.egov.test.JGSSMain.getToken(JGSSMain.java:120)
at it.bz.prov.egov.test.JGSSMain.main(JGSSMain.java:101)
Caused by: org.ietf.jgss.GSSException, major code: 13, minor code: 0
major string: Invalid credentials
minor string: Cannot get credential for principal myuser@MY.DOMAIN
at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:24)
at com.ibm.security.jgss.mech.krb5.ac.b(ac.java:435)
at com.ibm.security.jgss.mech.krb5.ac.b(ac.java:314)
at com.ibm.security.jgss.mech.krb5.ac.b(ac.java:80)
at com.ibm.security.jgss.mech.krb5.ac.<init>(ac.java:414)
at com.ibm.security.jgss.mech.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:50)
at com.ibm.security.jgss.GSSManagerImpl.createMechCredential(GSSManagerImpl.java:19)
at com.ibm.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:149)
at com.ibm.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:218)
at com.ibm.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:31)
at it.bz.prov.egov.test.JGSSMain.getToken(JGSSMain.java:147)
at it.bz.prov.egov.test.JGSSMain$1.run(JGSSMain.java:125)
at java.security.AccessController.doPrivileged(AccessController.java:284)
... 3 more
Java(TM) SE Runtime Environment (build pxa6460sr6-20090925_01(SR6))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr6-20090923_42924 (JIT enabled, AOT enabled)
J9VM - 20090923_042924
JIT - r9_20090902_1330ifx1
GC - 20090817_AA)
JCL - 20090924_01

Attachments

Updated on 2010-07-29T09:52:54Z at 2010-07-29T09:52:54Z by diste
  • SystemAdmin
    SystemAdmin
    2262 Posts

    Re: jgss runtime difference between sun and ibm jvm

    ‏2010-06-23T10:09:40Z  
    can you try to change your principal name to user/server@REALM ?
  • diste
    diste
    2 Posts

    Re: jgss runtime difference between sun and ibm jvm

    ‏2010-07-29T09:52:54Z  
    can you try to change your principal name to user/server@REALM ?
    in fact MY.DOMAIN is the realm
  • Detelin Yordanov
    Detelin Yordanov
    2 Posts

    Re: jgss runtime difference between sun and ibm jvm

    ‏2013-08-28T20:16:50Z  
    • diste
    • ‏2010-07-29T09:52:54Z
    in fact MY.DOMAIN is the realm

    This is an old thread, but I was playing around with a similar example and noticed that I get exactly the same error when setting javax.security.auth.useSubjectCredsOnly=false system property and your sample does the same. Removing or setting the property to true seem to help in my case.

    Regards,

       Detelin