Problem getting Kerberos service ticket - sname has IP address not hostname.
Hello, I'm hoping that someone can help here. I've posted on a couple of different forums and not had any response.

I have a Java application that is running on a Windows XP client, with a Windows Server 2003 AD controller. The Java application is trying to get a service ticket to authenticate against a database running on a Linux server. My problem is that the application fails when it requests the service ticket. From the debug output it appears to be replacing the server name with the IP address in the sname field. I've pasted the Java code and the response below.

Is there a Windows tool that I can test with to make sure the environment is configured correctly? Is there something the administrators need to do on the AD server?

    import org.ietf.jgss.GSSCredential;
    import org.ietf.jgss.GSSManager;
    import org.ietf.jgss.GSSName;
    import org.ietf.jgss.Oid;

    // Kerberos V5 mechanism OID
    Oid[] desiredMechs = new Oid[1];
    desiredMechs[0] = new Oid("1.2.840.113554.1.2.2");
    GSSManager manager = GSSManager.getInstance();
    GSSName clientName = manager.createName("MontgomeryB@LAB2K.NET", GSSName.NT_USER_NAME);
    GSSCredential clientCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
    GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600, desiredMechs[0], GSSCredential.INITIATE_ONLY);
    // Host-based service name for the target service
    GSSName serverName = manager.createName("HTTP@poe3b.lab2k.net", GSSName.NT_HOSTBASED_SERVICE);

Debug output:

    Entered Krb5Context.initSecContext with state=STATE_NEW
    Service ticket not found in the subject
    Credentials acquireServiceCreds: same realm
    Using builtin default etypes for default_tgs_enctypes
    default etypes for default_tgs_enctypes: 3 1 23 16 17.
    CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
    EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    KrbKdcReq send: kdc=labad2.lab2k.net UDP:88, timeout=30000, number of retries =3, #bytes=1276
    KDCCommunication: kdc=labad2.lab2k.net UDP:88, timeout=30000,Attempt =1, #bytes=1276
    KrbKdcReq send: #bytes read=92
    KrbKdcReq send: #bytes read=92
    KDCRep: init() encoding tag is 126 req type is 13
    KRBError:
      sTime is Mon Jul 26 12:07:34 EDT 2010 1280160454000
      suSec is 65057
      error code is 7
      error Message is Server not found in Kerberos database
      realm is LAB2K.NET
      sname is HTTP/172.16.118.89
      msgType is 30
    KrbException: Server not found in Kerberos database (7)

Thanks - Bryan
August 3rd, 2010 9:49pm

Hi, I looked at the org.ietf.jgss interfaces and I can't find anything wrong with the code that would be causing the name to be converted to an IP address. Perhaps it is a problem with the version of the underlying Sun library that you are calling. My only recommendation would be to try with the latest version of the JDK and the latest version of JAAS or JGSS if they are bundled separately. You might be able to get a better answer here, http://forums.sun.com/forum.jspa?forumID=545&start=0 -- Mike Burr
August 3rd, 2010 11:47pm

Thanks Mike, I have tried posting to the Java forums - with some success, that got me further along. Interestingly, after posting this I took the Java code and ran it on a Linux machine where it worked fine. Incidentally, the Windows Java version was one minor revision newer. I think it may be something to do with the Windows network configuration. It's frustrating as it seems it should work - however, it looks like it might not be needed for the project anymore. Bryan.
August 7th, 2010 6:50pm
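
An added example, not part of the original thread and not code from any poster: a small Java check of forward and reverse DNS for the service host, run from the client. It assumes (the thread does not confirm this) that the JDK's Kerberos provider takes the host part of the sname from `InetAddress.getCanonicalHostName()`, which returns the literal IP address when the reverse lookup fails; the class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;

// Added example; SnameDnsCheck, isIpLiteral and snameFor are hypothetical names.
public class SnameDnsCheck {

    // True for an IPv4 dotted quad or anything containing ':' (IPv6 literal).
    static boolean isIpLiteral(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}") || s.indexOf(':') >= 0;
    }

    // Principal name a client would request if it used the canonical host name
    // (assumption about the JDK's behaviour, not confirmed by the thread).
    static String snameFor(String service, String canonicalHost) {
        return service + "/" + canonicalHost.toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed defaults; pass the real service host as the first argument.
        String host = args.length > 0 ? args[0] : "localhost";
        String service = args.length > 1 ? args[1] : "HTTP";

        InetAddress addr = InetAddress.getByName(host);  // forward lookup
        String canonical = addr.getCanonicalHostName();   // reverse lookup

        System.out.println("requested host : " + host);
        System.out.println("resolved addr  : " + addr.getHostAddress());
        System.out.println("canonical name : " + canonical);
        System.out.println("likely sname   : " + snameFor(service, canonical));

        if (isIpLiteral(canonical)) {
            // getCanonicalHostName() falls back to the textual IP on failure.
            System.out.println("Reverse lookup failed: nothing on this client maps "
                + addr.getHostAddress() + " back to a host name.");
        } else if (!canonical.equalsIgnoreCase(host)) {
            System.out.println("Canonical name differs from the requested host; "
                + "the KDC would need an SPN for the name shown above.");
        } else {
            System.out.println("Forward and reverse lookups agree.");
        }
    }
}
```

Running it with `poe3b.lab2k.net` on both the Windows XP client and the Linux machine where the code worked would show whether the two resolve the host differently.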
