JAAS: cannot obtain a ticket from the Kerberos server

Posted by: かしん
Posted: 2004-09-14 19:46
Hello, nice to meet you.

I want to use JAAS to obtain a ticket from a Kerberos KDC, but
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - Preauthentication failed
is thrown.

It looks like the key for each principal cannot be obtained from krb5.keytab.
Is my jaas.conf configured incorrectly?
Please tell me how to solve this.

Also, is there a way to avoid entering the password at the prompt?
Adding the single line
System.setProperty("javax.security.auth.login.password", "passwd");
does not seem to work either.

Environment:
OS: Red Hat Linux
MIT Kerberos 5 1.3.4
JDK 1.4.2

Below are the source, jaas.conf, the execution result, and the listing of krb5.keytab.

Test.java **********************************************************************
import javax.security.auth.login.*;

import com.sun.security.auth.callback.TextCallbackHandler;

public class Test {

    public static void main(String[] args) {

        System.setProperty("java.security.krb5.realm","SAMPLE.COM");
        System.setProperty("java.security.krb5.kdc","krb.sample.com:88");
        System.setProperty("java.security.auth.login.config","./jaas.conf");

        LoginContext lc = null;
        try {
            lc = new LoginContext("JaasSample", new TextCallbackHandler());
        } catch (LoginException le) {
            le.printStackTrace();
            System.exit(-1);
        } catch (SecurityException se) {
            se.printStackTrace();
            System.exit(-1);
        }

        try {
            lc.login();
        } catch (LoginException le) {
            le.printStackTrace();
            System.exit(-1);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(-1);
        } catch (Throwable t) {
            t.printStackTrace();
            System.exit(-1);
        }
    }
}

jaas.conf **********************************************************************
JaasSample {
    com.sun.security.auth.module.Krb5LoginModule required
    debug = true
    useKeyTab = true
    keyTab = "/etc/krb5.keytab"
    principal = "sample@SAMPLE.COM"
    storeKey = true
    ;
};

Execution result ***************************************************************
$ java -classpath . Test
Debug is true storeKey false useTicketCache false useKeyTab true doNotPrompt fa
lse ticketCache is null KeyTab is /etc/krb5.keytab refreshKrb5Config is false pr
incipal is matsu tryFirstPass is false useFirstPass is false storePass is false
clearPass is false
Key for the principal sample@SAMPLE.COM not available in /etc/krb5.keytab
sample の Kerberos パスワード: passwd
[Krb5LoginModule] user entered username: sample@SAMPLE.COM

principal is sample@SAMPLE.COM
[Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24) - Preauthentication failed
javax.security.auth.login.LoginException: Pre-authentication information was inv
alid (24) - Preauthentication failed
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Kr
b5LoginModule.java:585)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.ja
va:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
29)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at Test.main(Test.java:25)
Caused by: KrbException: Pre-authentication information was invalid (24) - Preau
thentication failed
at sun.security.krb5.KrbAsRep.<init>(DashoA6275:70)
at sun.security.krb5.KrbAsReq.getReply(DashoA6275:315)
at sun.security.krb5.Credentials.acquireTGT(DashoA6275:352)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Kr
b5LoginModule.java:576)
... 12 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.af.a(DashoA6275:134)
at sun.security.krb5.internal.at.a(DashoA6275:63)
at sun.security.krb5.internal.at.<init>(DashoA6275:58)
at sun.security.krb5.KrbAsRep.<init>(DashoA6275:53)
... 15 more

ktutil krb5.keytab *************************************************************
ktutil: rkt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 sample@SAMPLE.COM
2 2 sample@SAMPLE.COM
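
On the post's second question: Krb5LoginModule requests any password it has to ask for through the CallbackHandler passed to LoginContext, so a handler that answers NameCallback and PasswordCallback itself avoids the console prompt. The following is an added example, not part of the original post; the names NoPromptLogin, FixedCredentialHandler and readSecret and the password-file argument are assumptions, while the JaasSample entry, realm, KDC and principal are the ones from the post.

```java
import java.io.*;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class NoPromptLogin {
    // Hypothetical handler: answers the login module's callbacks without using the console.
    static final class FixedCredentialHandler implements CallbackHandler {
        private final String principal;
        private final char[] password;
        FixedCredentialHandler(String principal, char[] password) {
            this.principal = principal;
            this.password = password;
        }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    ((NameCallback) callbacks[i]).setName(principal);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    // PasswordCallback keeps its own copy of the array.
                    ((PasswordCallback) callbacks[i]).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(callbacks[i]);
                }
            }
        }
    }
    // Assumption: the password (up to 256 chars) is the only content of a file
    // that is readable by this account alone.
    static char[] readSecret(String path) throws IOException {
        FileReader in = new FileReader(path);
        try {
            char[] buf = new char[256];
            int n = Math.max(in.read(buf), 0);
            while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r')) n--;
            char[] secret = new char[n];
            System.arraycopy(buf, 0, secret, 0, n);
            Arrays.fill(buf, '\0');
            return secret;
        } finally { in.close(); }
    }
    // Usage (assumed): java NoPromptLogin /path/to/password-file
    public static void main(String[] args) throws IOException, LoginException {
        System.setProperty("java.security.krb5.realm", "SAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "krb.sample.com:88");
        System.setProperty("java.security.auth.login.config", "./jaas.conf");
        char[] secret = readSecret(args[0]);
        try {
            new LoginContext("JaasSample", new FixedCredentialHandler("sample@SAMPLE.COM", secret)).login();
        } finally { Arrays.fill(secret, '\0'); } // wipe our copy whether or not login worked
    }
}
```

With useKeyTab = true in jaas.conf, the handler is consulted only when no key is found in the keytab, which is the situation shown in the execution result above.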