Hi,
I try to run the example from
http://java.sun.com/products/jndi/tu...ty/gssapi.html
The login on Kerberos succeeds and i get this ticket:
Principal: us**@MY-DOMAIN.ORG
Private Authentisierung: Ticket (hex) =
0000: 61 81 EF 30 81 EC A0 03 02 01 05 A1 0F 1B 0D 4D
a..0...........M
0010: 49 4E 44 4D 41 54 49 43 53 2E 44 45 A2 22 30 20
Y-DOMAIN.ORG."0
0020: A0 03 02 01 00 A1 19 30 17 1B 06 6B 72 62 74 67
........0...krbtg
0030: 74 1B 0D 4D 49 4E 44 4D 41 54 49 43 53 2E 44 45
t..MY-DOMAIN.ORG
0040: A3 81 AF 30 81 AC A0 03 02 01 10 A1 03 02 01 01
....0............
0050: A2 81 9F 04 81 9C DA A9 A1 94 6A 2E 18 ED 81 30
...........j....0
0060: 13 88 5D A8 72 93 E7 A0 57 E4 34 1A 33 39 5B F5
...].r...W.4.39[.
0070: 47 48 6E D1 6F 45 98 C4 DD 75 70 05 A6 1B 57 F1
GHn.oE...up...W.
0080: 89 A6 65 C3 B9 60 39 90 0C D2 8C 20 84 90 BD 50 ..e..`9....
....P
0090: 11 83 B5 38 A7 2F 47 6F 29 87 34 B8 80 17 0A CB
....8./Go).4.....
00A0: 4A 5A 2E EC D2 1D 89 5C 6D 8A 12 E4 1F DE 05 C9
JZ.....\m.......
00B0: 77 21 D6 9B 74 68 76 68 8C 2C 79 0C 23 01 03 D2
w!..thvh.,y.#...
00C0: 3B 5B D2 CA 7A 50 AB 81 6A 25 B1 52 96 40 A9 B4
;[..zP..j%.R.@..
00D0: 44 2B DC C4 1C DF 03 F8 CD D0 61 57 86 2F 5E 4E
D+........aW./^N
00E0: 76 BA B1 58 39 84 14 EB 35 11 AB 2E EB A6 1A BA
v..X9...5.......
00F0: 33 1B
Client Principal = us**@MY-DOMAIN.ORG
Server Principal = krbtgt/MY***********@MY-DOMAIN.ORG
Session Key = EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 67 32 07 01 D6 6E B5 31
Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Thu Aug 19 10:25:11 CEST 2004
Start Time = Thu Aug 19 10:25:11 CEST 2004
End Time = Fri Aug 20 10:25:11 CEST 2004
Renew Till = Null
Client Addresses Null
--------------------------------------------------------------------------
The following exception is thrown where the InitialDirContext is
created:
( DirContext ctx = new InitialDirContext(env); )
javax.naming.AuthenticationException: GSSAPI [Root exception is
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Server
not found in Kerberos database (7) - UNKNOWN_SERVER)]]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl. java:150)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClie nt.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:263 7)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapC txFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Ldap CtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstanc e(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(N amingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(Init ialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.ja va:223)
at javax.naming.InitialContext.<init>(InitialContext. java:197)
at javax.naming.directory.InitialDirContext.<init>(In itialDirContext.java:82)
at ldap3.JndiAction.performJndiOperation(GssExample.j ava:139)
at ldap3.JndiAction.run(GssExample.java:105)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at ldap3.GssExample.main(GssExample.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:582)
at com.intellij.rt.execution.application.AppMain.main (AppMain.java:78)
Caused by: javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism
level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evalua teChallenge(GssKrb5Client.java:174)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl. java:105)
... 22 more
Caused by: GSSException: No valid credentials provided (Mechanism
level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)
at sun.security.jgss.krb5.Krb5Context.initSecContext( Krb5Context.java:654)
at sun.security.jgss.GSSContextImpl.initSecContext(GS SContextImpl.java:213)
at sun.security.jgss.GSSContextImpl.initSecContext(GS SContextImpl.java:158)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evalua teChallenge(GssKrb5Client.java:155)
... 23 more
Caused by: KrbException: Server not found in Kerberos database (7) -
UNKNOWN_SERVER
at sun.security.krb5.KrbTgsRep.<init>(DashoA12275:65)
at sun.security.krb5.KrbTgsReq.getReply(DashoA12275:2 34)
at sun.security.krb5.internal.a1.a(DashoA12275:294)
at sun.security.krb5.internal.a1.a(DashoA12275:106)
at sun.security.krb5.Credentials.acquireServiceCreds( DashoA12275:527)
at sun.security.jgss.krb5.Krb5Context.initSecContext( Krb5Context.java:583)
... 26 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.ah.a(DashoA12275:133)
at sun.security.krb5.internal.ag.a(DashoA12275:58)
at sun.security.krb5.internal.ag.<init>(DashoA12275:5 3)
at sun.security.krb5.KrbTgsRep.<init>(DashoA12275:46)
... 31 more
-----------------------------------------------------------------------
The exception says that the server is not found in the Kerberos
database.
How can I add a server to the Kerberos database?
Or is there another problem?