qpid-dev mailing list archives

From eugene <eugen.ra...@gmail.com>
Subject Re: qpidd 0.14 + Kerberos + Active Directory on Windows 2003 Server
Date Fri, 27 Jul 2012 07:39:48 GMT
Well yes, I'm sorry, I should have been a bit more verbose. Here are the
details:

1. The command that I'm running:

java -Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config=myjass.conf -Dsun.security.krb5.debug=true
-jar Kerberos.jar

  1.1 I am running it with OpenJDK 1.6_22
  1.2 The myjass.conf looks like this:

         com.sun.security.jgss.initiate {
                   com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
         };

2. The keytab file is called krb5.keytab (so I do not need to set the
KRB5_KTNAME variable).

3. Yes, the keytab can be read by qpidd (as a matter of fact, to make sure,
I just "777"-ed the file anyway)

4. qpid.conf :

auth=yes
realm=OURDOMAIN.COM

Here is the stack trace that I get:


    Config name: /etc/krb5.conf
    >>>KinitOptions cache name is /tmp/krb5cc_0
    >>>DEBUG <CCacheInputStream>  client principal is user@OURDOMAIN.COM
    >>>DEBUG <CCacheInputStream> server principal is krbtgt/OURDOMAIN.COM@OURDOMAIN.COM
    >>>DEBUG <CCacheInputStream> key type: 23
    >>>DEBUG <CCacheInputStream> auth time: Fri Jul 27 03:28:43 EDT 2012
    >>>DEBUG <CCacheInputStream> start time: Fri Jul 27 03:28:17 EDT 2012
    >>>DEBUG <CCacheInputStream> end time: Fri Jul 27 13:28:43 EDT 2012
    >>>DEBUG <CCacheInputStream> renew_till time: Sat Jul 28 03:28:17 EDT 2012
    >>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
    >>>DEBUG <CCacheInputStream>
    Found ticket for user@OURDOMAIN.COM to go to krbtgt/OURDOMAIN.COM@OURDOMAIN.COM expiring on Fri Jul 27 13:28:43 EDT 2012
    Entered Krb5Context.initSecContext with state=STATE_NEW
    Service ticket not found in the subject
    >>> Credentials acquireServiceCreds: same realm
    Using builtin default etypes for default_tgs_enctypes
    default etypes for default_tgs_enctypes: 3 1 23 16 17 18.
    >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
    >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    >>> KrbKdcReq send: kdc=VSH002.VIVATCONSULTING.COM UDP:88, timeout=30000, number of retries =3, #bytes=1245
    >>> KDCCommunication: kdc=VSH002.VIVATCONSULTING.COM UDP:88, timeout=30000,Attempt =1, #bytes=1245
    >>> KrbKdcReq send: #bytes read=1161
    >>> KrbKdcReq send: #bytes read=1161
    >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
    >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    Krb5Context setting mySeqNumber to: 226562779
    Krb5Context setting peerSeqNumber to: 0
    Created InitSecContextToken:

    Exception occurred: javax.jms.JMSException: Error creating connection: connection-forced: Authentication failed
    javax.jms.JMSException: Error creating connection: connection-forced: Authentication failed
            at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:102)
            at com.vivat.kerberos.KerberosConnection.main(KerberosConnection.java:49)
    Caused by: org.apache.qpid.AMQConnectionFailureException: connection-forced: Authentication failed [error code 320: connection forced]
            at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:432)
            at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:98)
            ... 1 more
    Caused by: org.apache.qpid.AMQException: Cannot connect to broker: connection-forced: Authentication failed [error code 320: connection forced]
            at org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:212)
            at org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:569)
            at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:355)
            ... 2 more
    Caused by: org.apache.qpid.transport.ConnectionException: connection-forced: Authentication failed
            at org.apache.qpid.transport.ConnectionException.rethrow(ConnectionException.java:67)
            at org.apache.qpid.transport.Connection.connect(Connection.java:283)
            at org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:193)
            ... 4 more
    Caused by: org.apache.qpid.transport.ConnectionException: connection-forced: Authentication failed
            at org.apache.qpid.transport.Connection.closeCode(Connection.java:532)
            at org.apache.qpid.transport.ConnectionDelegate.connectionClose(ConnectionDelegate.java:76)
            at org.apache.qpid.transport.ConnectionDelegate.connectionClose(ConnectionDelegate.java:40)
            at org.apache.qpid.transport.ConnectionClose.dispatch(ConnectionClose.java:100)
            at org.apache.qpid.transport.ConnectionDelegate.control(ConnectionDelegate.java:49)
            at org.apache.qpid.transport.ConnectionDelegate.control(ConnectionDelegate.java:40)
            at org.apache.qpid.transport.Method.delegate(Method.java:163)
            at org.apache.qpid.transport.Connection.received(Connection.java:387)
            at org.apache.qpid.transport.Connection.received(Connection.java:66)
            at org.apache.qpid.transport.network.Assembler.emit(Assembler.java:95)
            at org.apache.qpid.transport.network.Assembler.assemble(Assembler.java:181)
            at org.apache.qpid.transport.network.Assembler.frame(Assembler.java:129)
            at org.apache.qpid.transport.network.Frame.delegate(Frame.java:133)
            at org.apache.qpid.transport.network.Assembler.received(Assembler.java:100)
            at org.apache.qpid.transport.network.Assembler.received(Assembler.java:42)
            at org.apache.qpid.transport.network.InputHandler.next(InputHandler.java:187)
            at org.apache.qpid.transport.network.InputHandler.received(InputHandler.java:103)
            at org.apache.qpid.transport.network.InputHandler.received(InputHandler.java:42)
            at org.apache.qpid.transport.network.io.IoReceiver.run(IoReceiver.java:153)
            at java.lang.Thread.run(Thread.java:679)


Why do I get Authentication Failed if kinit works just fine? I got a Ticket
Granting Ticket so why is there an error message about Authentication? This
smells a lot like something to do with keytab...

If there are other files you want to see, please do let me know.

Thank You,
Eugene. 
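
A triage aid for debug output like the trace in this message, added here as an example; it is not part of the original post or of Qpid. It pulls the Kerberos encryption types the JDK prints under -Dsun.security.krb5.debug=true and flags those deprecated by RFC 6649 (DES) and RFC 8429 (3DES, RC4). The function names and the `SAMPLE` text (lines rejoined from the log above) are assumptions of this example.

```python
import re

# Kerberos etype numbers from the IANA registry.
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1-kd",
               17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
               23: "rc4-hmac"}
DEPRECATED = {1, 3, 16, 23}  # RFC 6649 (DES) and RFC 8429 (3DES, RC4)

# JDK class names as they appear in ">>> EType:" debug lines.
JDK_CLASS = {"DesCbcCrcEType": 1, "DesCbcMd5EType": 3,
             "Des3CbcHmacSha1KdEType": 16, "Aes128CtsHmacSha1EType": 17,
             "Aes256CtsHmacSha1EType": 18, "ArcFourHmacEType": 23}

# Constructed sample: lines taken from the debug output above, unwrapped.
SAMPLE = """\
>>>DEBUG <CCacheInputStream> key type: 23
default etypes for default_tgs_enctypes: 3 1 23 16 17 18.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
"""

def etypes_in_log(log):
    """Return {source: [etype numbers, in order first seen]}."""
    seen = {"ccache_key": [], "requested": [], "used": []}

    def add(src, n):
        if n not in seen[src]:
            seen[src].append(n)

    for line in log.splitlines():
        m = re.search(r"key type: (\d+)", line)          # cached TGT session key
        if m:
            add("ccache_key", int(m.group(1)))
        m = re.search(r"default etypes for \w+: ([\d ]+)", line)  # client's offer
        if m:
            for n in m.group(1).split():
                add("requested", int(n))
        m = re.search(r"EType: \S*\.(\w+EType)", line)   # etype actually applied
        if m and m.group(1) in JDK_CLASS:
            add("used", JDK_CLASS[m.group(1)])
    return seen

def deprecated_findings(seen):
    """List (source, etype, name) for every deprecated etype in the log."""
    return sorted((src, n, ETYPE_NAMES.get(n, "unknown"))
                  for src, nums in seen.items() for n in nums if n in DEPRECATED)

if __name__ == "__main__":
    for src, n, name in deprecated_findings(etypes_in_log(SAMPLE)):
        print(f"{src}: etype {n} ({name}) is deprecated")
```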





