Hi,
I try to run the example from
http://java.sun.com/products/jndi/tu...ty/gssapi.html
The login on Kerberos succeeds and i get this ticket:
Principal: us**@MY-DOMAIN.ORG
Private Authentisierung : Ticket (hex) =
0000: 61 81 EF 30 81 EC A0 03 02 01 05 A1 0F 1B 0D 4D
a..0........... M
0010: 49 4E 44 4D 41 54 49 43 53 2E 44 45 A2 22 30 20
Y-DOMAIN.ORG."0
0020: A0 03 02 01 00 A1 19 30 17 1B 06 6B 72 62 74 67
........0...krb tg
0030: 74 1B 0D 4D 49 4E 44 4D 41 54 49 43 53 2E 44 45
t..MY-DOMAIN.ORG
0040: A3 81 AF 30 81 AC A0 03 02 01 10 A1 03 02 01 01
....0.......... ..
0050: A2 81 9F 04 81 9C DA A9 A1 94 6A 2E 18 ED 81 30
...........j... .0
0060: 13 88 5D A8 72 93 E7 A0 57 E4 34 1A 33 39 5B F5
...].r...W.4.39[.
0070: 47 48 6E D1 6F 45 98 C4 DD 75 70 05 A6 1B 57 F1
GHn.oE...up...W .
0080: 89 A6 65 C3 B9 60 39 90 0C D2 8C 20 84 90 BD 50 ..e..`9....
....P
0090: 11 83 B5 38 A7 2F 47 6F 29 87 34 B8 80 17 0A CB
....8./Go).4.....
00A0: 4A 5A 2E EC D2 1D 89 5C 6D 8A 12 E4 1F DE 05 C9
JZ.....\m...... .
00B0: 77 21 D6 9B 74 68 76 68 8C 2C 79 0C 23 01 03 D2
w!..thvh.,y.#.. .
00C0: 3B 5B D2 CA 7A 50 AB 81 6A 25 B1 52 96 40 A9 B4
;[..zP..j%.R.@..
00D0: 44 2B DC C4 1C DF 03 F8 CD D0 61 57 86 2F 5E 4E
D+........aW./^N
00E0: 76 BA B1 58 39 84 14 EB 35 11 AB 2E EB A6 1A BA
v..X9...5...... .
00F0: 33 1B
Client Principal = us**@MY-DOMAIN.ORG
Server Principal = krbtgt/MY***********@M Y-DOMAIN.ORG
Session Key = EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 67 32 07 01 D6 6E B5 31
Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Thu Aug 19 10:25:11 CEST 2004
Start Time = Thu Aug 19 10:25:11 CEST 2004
End Time = Fri Aug 20 10:25:11 CEST 2004
Renew Till = Null
Client Addresses Null
--------------------------------------------------------------------------
The following exception is thrown where the InitialDirConte xt is
created:
( DirContext ctx = new InitialDirConte xt(env); )
javax.naming.Au thenticationExc eption: GSSAPI [Root exception is
javax.security. sasl.SaslExcept ion: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Server
not found in Kerberos database (7) - UNKNOWN_SERVER)]]
at com.sun.jndi.ld ap.sasl.LdapSas l.saslBind(Ldap Sasl.java:150)
at com.sun.jndi.ld ap.LdapClient.a uthenticate(Lda pClient.java:21 4)
at com.sun.jndi.ld ap.LdapCtx.conn ect(LdapCtx.jav a:2637)
at com.sun.jndi.ld ap.LdapCtx.<ini t>(LdapCtx.java :283)
at com.sun.jndi.ld ap.LdapCtxFacto ry.getUsingURL( LdapCtxFactory. java:175)
at com.sun.jndi.ld ap.LdapCtxFacto ry.getUsingURLs (LdapCtxFactory .java:193)
at com.sun.jndi.ld ap.LdapCtxFacto ry.getLdapCtxIn stance(LdapCtxF actory.java:136 )
at com.sun.jndi.ld ap.LdapCtxFacto ry.getInitialCo ntext(LdapCtxFa ctory.java:66)
at javax.naming.sp i.NamingManager .getInitialCont ext(NamingManag er.java:667)
at javax.naming.In itialContext.ge tDefaultInitCtx (InitialContext .java:247)
at javax.naming.In itialContext.in it(InitialConte xt.java:223)
at javax.naming.In itialContext.<i nit>(InitialCon text.java:197)
at javax.naming.di rectory.Initial DirContext.<ini t>(InitialDirCo ntext.java:82)
at ldap3.JndiActio n.performJndiOp eration(GssExam ple.java:139)
at ldap3.JndiActio n.run(GssExampl e.java:105)
at java.security.A ccessController .doPrivileged(N ative Method)
at javax.security. auth.Subject.do As(Subject.java :337)
at ldap3.GssExampl e.main(GssExamp le.java:88)
at sun.reflect.Nat iveMethodAccess orImpl.invoke0( Native Method)
at sun.reflect.Nat iveMethodAccess orImpl.invoke(N ativeMethodAcce ssorImpl.java:3 9)
at sun.reflect.Del egatingMethodAc cessorImpl.invo ke(DelegatingMe thodAccessorImp l.java:25)
at java.lang.refle ct.Method.invok e(Method.java:5 82)
at com.intellij.rt .execution.appl ication.AppMain .main(AppMain.j ava:78)
Caused by: javax.security. sasl.SaslExcept ion: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism
level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]
at com.sun.securit y.sasl.gsskerb. GssKrb5Client.e valuateChalleng e(GssKrb5Client .java:174)
at com.sun.jndi.ld ap.sasl.LdapSas l.saslBind(Ldap Sasl.java:105)
... 22 more
Caused by: GSSException: No valid credentials provided (Mechanism
level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)
at sun.security.jg ss.krb5.Krb5Con text.initSecCon text(Krb5Contex t.java:654)
at sun.security.jg ss.GSSContextIm pl.initSecConte xt(GSSContextIm pl.java:213)
at sun.security.jg ss.GSSContextIm pl.initSecConte xt(GSSContextIm pl.java:158)
at com.sun.securit y.sasl.gsskerb. GssKrb5Client.e valuateChalleng e(GssKrb5Client .java:155)
... 23 more
Caused by: KrbException: Server not found in Kerberos database (7) -
UNKNOWN_SERVER
at sun.security.kr b5.KrbTgsRep.<i nit>(DashoA1227 5:65)
at sun.security.kr b5.KrbTgsReq.ge tReply(DashoA12 275:234)
at sun.security.kr b5.internal.a1. a(DashoA12275:2 94)
at sun.security.kr b5.internal.a1. a(DashoA12275:1 06)
at sun.security.kr b5.Credentials. acquireServiceC reds(DashoA1227 5:527)
at sun.security.jg ss.krb5.Krb5Con text.initSecCon text(Krb5Contex t.java:583)
... 26 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.kr b5.internal.ah. a(DashoA12275:1 33)
at sun.security.kr b5.internal.ag. a(DashoA12275:5 8)
at sun.security.kr b5.internal.ag. <init>(DashoA12 275:53)
at sun.security.kr b5.KrbTgsRep.<i nit>(DashoA1227 5:46)
... 31 more
-----------------------------------------------------------------------
The exception says that the server is not found in the Kerberos
database.
How can I add a server to the Kerberos database?
Or is there another problem?