
Thread: keytab path/details log to file

  1. #1

    Hi,

    How can I log what keytab file is being used by spring-spnego-kerberos?

    I have set debug to true for org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator in the XML.

    I am passing a junk value to the property, with an incorrect keytab name:
    <property name="keyTabLocation" value="file:/http-web.kytab" />

    but the logs never show any error for it. In fact, the logs show that it found the keytab!

    17:12:10 DEBUG kerberos.KerberosServiceAuthenticationProvider - Try to validate Kerberos Token
    Found KeyTab
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    Ordering keys wrt default_tkt_enctypes list
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 17 16 23 1 3.



    I am using:
    <dependency>
    <groupId>org.springframework.security.extensions</groupId>
    <artifactId>spring-security-kerberos-core</artifactId>
    <version>1.0.0.M2</version>
    </dependency>


    or, as properties, the versions I use are:
    <spring.kerberos.version>1.0.0.M2</spring.kerberos.version>
    <spring.security.version>3.0.7.RELEASE</spring.security.version>


    If anyone has another combination of versions working, let me know.

    Regards,

    Miten.
    Last edited by imitenmehta; Dec 24th, 2012 at 04:02 AM.

  2. #2

    15:12:57 DEBUG web.SpnegoAuthenticationProcessingFilter - Received Negotiate Header for request http://pinkydebian.primesystems.com:...ticated.xhtml: Negotiate [base64 SPNEGO token omitted]
    15:12:57 DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider
    15:12:57 DEBUG kerberos.KerberosServiceAuthenticationProvider - Try to validate Kerberos Token
    Entered SpNegoContext.acceptSecContext with state=STATE_NEW
    SpNegoContext.acceptSecContext: receiving token = [hex dump omitted]
    SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2
    SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.5.1.5.2
    SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2
    SpNegoToken NegTokenInit: reading Mech Token
    SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit
    SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2
    Found KeyTab
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    Ordering keys wrt default_tkt_enctypes list
    default etypes for default_tkt_enctypes: 3 1 16.
    15:12:57 WARN web.SpnegoAuthenticationProcessingFilter - Negotiate Header was invalid: Negotiate [base64 SPNEGO token omitted]
    org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull
    at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:69)
    at org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:86)
    at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
    at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
    at org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:131)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)
    Caused by: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - DES3 CBC mode with SHA1-KD)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:67)
    ... 26 more
    Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - DES3 CBC mode with SHA1-KD)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
    at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:146)
    at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:136)
    ... 29 more
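
Added example (not part of the posts above, and not code from spring-security-kerberos): a small Python reader for the keytab file format (version 0x0502) that lists which encryption types a keytab holds for a service principal, so a junk path or a keytab without a DES3 (etype 16) key is caught before the JVM reports "Cannot find key of appropriate type". The principal, realm and sample bytes are constructed for illustration; `make_sample_entry`, `SPN` and `SAMPLE` are hypothetical names.

```python
import struct

def _entry(buf):
    """Decode one keytab entry into (principal, kvno, etype)."""
    ncomp = struct.unpack_from(">H", buf, 0)[0]
    off = 2
    def counted():                      # uint16 length, then that many bytes
        nonlocal off
        (n,) = struct.unpack_from(">H", buf, off)
        off += 2 + n
        return buf[off - n:off].decode()
    realm = counted()
    name = "/".join(counted() for _ in range(ncomp))
    off += 8                            # skip name_type and timestamp
    kvno, etype, klen = struct.unpack_from(">BHH", buf, off)
    off += 5 + klen                     # skip the key bytes themselves
    if len(buf) - off >= 4:             # optional 32-bit kvno overrides the 8-bit one
        kvno = struct.unpack_from(">I", buf, off)[0] or kvno
    return f"{name}@{realm}", kvno, etype

def parse_keytab(data):
    """Return [(principal, kvno, etype)] from keytab bytes (file format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a 0x0502 keytab: wrong file or wrong path?")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if pos + abs(size) > len(data):
            raise ValueError("truncated keytab entry")
        if size > 0:                    # a negative size marks a deleted slot (hole)
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)
    return out

def check_keytab(data, principal, needed_etype):
    """Etypes held for principal, and whether the one the ticket needs is present."""
    held = sorted({e for p, _, e in parse_keytab(data) if p == principal})
    return held, needed_etype in held

def make_sample_entry(realm, comps, kvno, etype):  # CONSTRUCTED data, dummy zero key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, 16) + bytes(16)
    return struct.pack(">i", len(body)) + body

SPN = "HTTP/web.example.test@EXAMPLE.TEST"   # hypothetical principal; 16 = des3-cbc-sha1-kd
SAMPLE = b"\x05\x02" + b"".join(             # constructed keytab: rc4 (23) and aes128 (17) only
    make_sample_entry(b"EXAMPLE.TEST", [b"HTTP", b"web.example.test"], 3, e) for e in (23, 17))
```

`check_keytab(SAMPLE, SPN, 16)` reports that only etypes 17 and 23 are present, which is the situation the GSSException in the second post describes; on a real host, pass `open(path, "rb").read()` as `data`.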
