Skip to main content

Kerberos Support - HMAC and Pre-Auth

4 replies [Last post]
miggyx
Offline
Joined: 2005-11-17

Hi,
After reading a post by Seema Malkani at :

http://mailman.mit.edu/pipermail/kerberos/2005-August/008392.html

I quickly downloaded the latest version of the JDK. However I can't find the kerberos binaries that I expected to find with it.

Can anyone confirm for sure whether or not the latest version (rc-b60) has the kerberos tools and supports RC4-HMAC and Pre Auth?

Thanks!

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
rpdmiranda
Offline
Joined: 2006-03-16

Hi...

I'm still getting this error in the Java HotSpot(TM) Client VM (build 1.6.0-beta-b59g version. Did you get some information about this problem?

miggyx
Offline
Joined: 2005-11-17

Ah, must be something I'm doing then. I can see the pre-auth bit in the kerberos debug but I'm getting this error thrown :

java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
at sun.security.krb5.EncryptionKey.(EncryptionKey.java:214)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:191)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:159)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:632)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:589)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at JaasAcn.main(JaasAcn.java:74)

However, this doesn't occur when using accounts with DES encryption.

seemam
Offline
Joined: 2005-11-18

Are you attempting to use RC4-HMAC ? Make sure your Kerberos account has been setup appropriately.

This error is typically seen if the Kerberos key has not been setup. Are you using keytabs ? If you are, then check if you have setup the keytab correctly.

You can send me all details directly at my email addr
Seema.Malkani@sun.com

Seema

seemam
Offline
Joined: 2005-11-18

Yes, support for RC4-HMAC Kerberos encryption type and
Pre-Authentication is available in Java SE 6 (Mustang).

Java Kerberos tools are available in Java SE 6 Windows
release only.

Seema Malkani