Tôi đã có ứng dụng khách Java và ứng dụng máy chủ Java và tôi đang cố gắng xác thực với máy chủ qua Kerberos. Khách hàng về cơ bản sử dụng các thành phần http và SPNEGO để thực hiện cuộc gọi HTTP GET, nhưng tôi luôn nhận được kết quả là 401 Unauthorized
.Xác thực Kerberos Java dường như hoạt động, vẫn bị từ chối
tôi không thể nhận ra các lỗi trong trình tự đăng nhập Kerberos dưới đây, có lẽ các bạn có thể:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
lse principal is null tryFirstPass is false useFirstPass is false storePass is f
alse clearPass is false
Kerberos-Benutzername [GP_Myuser]: [email protected]
Kerberos-Passwort f³r [email protected]:
[Krb5LoginModule] user entered username: [email protected]
LOCAL
default etypes for default_tkt_enctypes: 23.
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=144
>>> KrbKdcReq send: #bytes read=181
>>> KrbKdcReq send: #bytes read=181
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Tue Jul 05 16:28:31 CEST 2011 1309876111000
suSec is 250145
error code is 25
error Message is Additional pre-authentication required
realm is EESERV.LOCAL
sname is krbtgt/EESERV.LOCAL
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23
PA-ETYPE-INFO salt =
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23
PA-ETYPE-INFO2 salt = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
default etypes for default_tkt_enctypes: 23.
>>>KrbAsReq salt is EESERV.LOCALGP_Myuser
default etypes for default_tkt_enctypes: 23.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
retries =3, #bytes=222
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=222
>>> KrbKdcReq send: #bytes read=1450
>>> KrbKdcReq send: #bytes read=1450
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply GP_Myuser
default etypes for default_tkt_enctypes: 23.
principal is [email protected]
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 3D F9 1C A6 3B 94 7B 27 B3
6C D7 E5 70 77 84 22 =...;..'.l..pw."
Commit Succeeded
Found ticket for [email protected] to go to krbtgt/[email protected]
V.LOCAL expiring on Wed Jul 06 02:28:32 CEST 2011
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
retries =3, #bytes=1452
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt
=1, #bytes=1452
>>> KrbKdcReq send: #bytes read=1436
>>> KrbKdcReq send: #bytes read=1436
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 512880730
Created InitSecContextToken:
0000: 01 00 6E 82 05 51 30 82 05 4D A0 03 02 01 05 A1 ..n..Q0..M......
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 04 ......... ......
0020: 6E 61 82 04 6A 30 82 04 66 A0 03 02 01 05 A1 0E na..j0..f.......
0030: 1B 0C 45 45 53 45 52 56 2E 4C 4F 43 41 4C A2 24 ..EESERV.LOCAL.$
0040: 30 22 A0 03 02 01 00 A1 1B 30 19 1B 04 48 54 54 0".......0...HTT
0050: 50 1B 11 61 6C 66 2D 74 65 73 74 2E 65 6C 69 6E P..alf-test.server
0060: 2E 63 6F 6D A3 82 04 27 30 82 04 23 A0 03 02 01 .com...'0..#....
0070: 17 A1 03 02 01 03 A2 82 04 15 04 82 04 11 C2 1E ................
0080: 14 D0 18 19 AF 82 D3 92 7F 62 96 A9 92 F7 94 5B .........b.....[
0090: FF CA FE 66 2F C8 A9 C6 36 A2 2E FF EB FB CA 3D ...f/...6......=
00A0: 5D 5B 59 B5 0F E3 B7 B6 29 C2 62 A3 45 44 42 00 ][Y.....).b.EDB.
00B0: DA 14 3D 83 1E 50 3D AA A9 9F 0C A6 49 4E F3 51 ..=..P=.....IN.Q
00C0: 67 68 14 A4 D3 49 E6 6F 1C 2C 7D 04 7B F2 6E BD gh...I.o.,....n.
00D0: 23 07 DD CD 09 DC 89 62 73 0E 06 EE 68 28 39 A4 #......bs...h(9.
00E0: 22 3C 92 C0 22 C0 6B 0B 42 4B 95 B5 E5 AC 77 30 "<..".k.BK....w0
00F0: D8 75 A1 8D E8 FC A5 5A D6 1D A8 5B D4 15 82 C5 .u.....Z...[....
0100: AE 1E 36 48 72 01 9B 3C FA A9 60 20 1D 9A 84 20 ..6Hr..<..` ...
0110: 41 3F FA 71 A8 07 9C 50 73 FA 03 2B 8D 94 98 C8 A?.q...Ps..+....
0120: 57 A2 87 09 BF 87 26 62 2B 49 40 6A 67 C4 F1 00 W.....&[email protected]
0130: 66 55 D7 75 6D A6 2F 28 3C 68 86 1F 29 E1 7E 10 fU.um./(<h..)...
0140: CD 2B F0 78 A7 23 D9 18 8D 5D 98 F9 7D 00 11 78 .+.x.#...].....x
0150: 7B 5E D3 5E EA EE 74 82 B7 93 A4 DA 0E 3C 61 E6 .^.^..t......<a.
0160: B3 D5 5A F3 67 8C 03 4C 0E E6 42 96 8F E0 99 98 ..Z.g..L..B.....
0170: C2 A0 C6 D3 8F B4 A4 CA 99 C1 8A F0 6E 00 E0 BE ............n...
0180: 95 7F 1F F5 E7 15 3D 0F CD 22 51 D9 41 D0 5F 01 ......=.."Q.A._.
0190: 48 EB 47 64 B8 74 BC BE 76 0F AE 4B F4 E6 3A 1E H.Gd.t..v..K..:.
01A0: 2A 62 85 FA 7E 07 E7 8D 60 EC B9 23 10 E3 1B 1E *b......`..#....
01B0: C5 90 D2 25 BB C5 2C 05 A3 E2 39 D1 FF 70 CF E7 ...%..,...9..p..
01C0: D5 C6 13 E6 BC 60 55 89 C1 B9 FB 0F E4 5D E7 A5 .....`U......]..
01D0: 95 BA F9 70 EC 06 CB 62 E8 AD F3 29 BA 34 FF C2 ...p...b...).4..
01E0: 95 76 21 9B 0D 0B DE 66 05 0E EE 33 31 E7 BE 52 .v!....f...31..R
01F0: 64 DB 91 8B 55 96 5F E7 2D 2A EA E2 D3 BC 5F CD d...U._.-*...._.
0200: 46 E5 45 A1 07 68 28 BF 1D 32 7D 04 C0 60 97 78 F.E..h(..2...`.x
0210: 4F 8E 4C 92 2B F1 B2 C3 9B 04 D9 43 02 7F A5 27 O.L.+......C...'
0220: A4 8E 48 EE 5E A9 3B 7E 7F C0 54 0D A5 75 D2 B3 ..H.^.;...T..u..
0230: FC 72 3A 80 F4 9A F1 34 7C 51 54 13 F7 9E FE 79 .r:....4.QT....y
0240: 8F 15 5A A7 9E 47 9B 36 10 33 F3 08 EA F2 33 BB ..Z..G.6.3....3.
0250: 9F 45 61 ED 91 1F CF 30 05 76 C0 56 FB 38 51 25 .Ea....0.v.V.8Q%
0260: 27 1F 39 A5 C9 F9 0C D2 00 F2 6B E2 28 09 B2 30 '.9.......k.(..0
0270: A2 63 68 FE 46 A5 33 E0 60 BB B2 B5 DA 5A 78 2A .ch.F.3.`....Zx*
0280: 37 FE 16 0D 8E E6 97 52 47 28 B2 D0 92 DB F3 CD 7......RG(......
0290: 9A 5F 98 16 4E C9 96 2C 00 7C FE 96 B0 DE CD 6D ._..N..,.......m
02A0: 5A BC 13 1B E2 E7 F6 74 DE DC 2B B7 16 AB C0 0F Z......t..+.....
02B0: BA 4C 08 C3 4F 25 3C 1A 9A E5 36 32 8E D9 C7 10 .L..O%<...62....
02C0: 62 F2 13 BB 62 B4 C5 F2 9D 69 DB 6C 0C 37 E1 AF b...b....i.l.7..
02D0: F5 C6 D9 CD B5 F6 60 A2 93 DD 98 8C B2 59 C7 7A ......`......Y.z
02E0: 50 4D 27 7B CC DA C9 28 9D 05 9C E8 FC 57 F8 4A PM'....(.....W.J
02F0: 12 67 ED 7E 23 AB B5 FB 8A B7 CE 4D DA 1B 7F 1A .g..#......M....
0300: B3 6F DF 42 9F C4 90 C9 35 D9 77 33 CD 6C C5 B5 .o.B....5.w3.l..
0310: C2 A8 15 8C AE BD AE 5F 0A 0A AB 7C 8C F8 E2 9F ......._........
0320: 27 3C 27 85 B3 97 D9 9D DA 6E 56 25 3B BA D5 FB '<'......nV%;...
0330: AB 24 8B BE B7 26 12 7F B6 25 E5 26 DE 8D 54 AA .$...&...%.&..T.
0340: 0B 68 DB 4B 81 AD 9C FD 88 0F 7D 6A 97 79 E5 0F .h.K.......j.y..
0350: 5B 82 43 6F 05 AE C0 EB 77 A6 E3 39 BE 85 6E F0 [.Co....w..9..n.
0360: B5 F5 0B 13 E7 CC 7B 1E 81 4F 37 77 BB 02 26 C2 .........O7w..&.
0370: D7 2C 80 CD 62 91 A7 0C F8 D1 76 5C 21 39 A0 93 .,..b.....v\!9..
0380: 83 04 0A F7 1F C3 4B 0B 34 85 2D 90 75 4E FE 31 ......K.4.-.uN.1
0390: 61 BF D8 F3 36 B5 40 BA 06 F8 47 33 D4 DD EE 2A [email protected]*
03A0: 9C FB 5E 51 7A 25 F7 C1 3F 4D 58 73 F2 4A 50 EA ..^Qz%..?MXs.JP.
03B0: 68 09 27 85 F3 2E BB EA 8E B4 D3 7C DC 3B 52 71 h.'..........;Rq
03C0: 87 34 1B 6F 80 D1 D2 F1 7D C3 9E C4 C3 79 8A A7 .4.o.........y..
03D0: DA 0B A2 69 7C DE D5 67 C7 20 AD 97 A2 98 6A E3 ...i...g. ....j.
03E0: A3 59 BD D2 B6 19 18 1D AB A7 58 3A 56 16 ED 2A .Y........X:V..*
03F0: 75 73 4E DB 02 B5 77 4B F5 9D 1D A4 36 ED 39 26 usN...wK....6.9&
0400: B8 A4 CD 7C 79 5E 11 3C 36 9D DA DA E7 F5 D2 9F ....y^.<6.......
0410: BA 4B 45 E0 67 E5 4F 33 9E 0B 60 E6 76 EB 02 AC .KE.g.O3..`.v...
0420: CC 24 C4 EB 37 C4 31 B7 EA F3 EA 5B 39 D6 E3 0A .$..7.1....[9...
0430: DC F8 DE 8B 18 8C E0 25 5C 4B 85 38 B0 99 04 9C .......%\K.8....
0440: 61 75 17 E3 E6 0C 88 D9 7B C4 9A 2D 25 B3 C1 FE au.........-%...
0450: 9F FD 12 4F E0 DF CF E6 C1 BA 68 00 32 E8 1F 9A ...O......h.2...
0460: 2F 0E FB 44 59 53 8B 43 C5 B6 24 D3 76 B4 04 D2 /..DYS.C..$.v...
0470: 39 A9 21 41 EC A3 78 D1 9B 07 64 10 5B 64 EB 18 9.!A..x...d.[d..
0480: 08 5B 2C 45 90 53 C9 90 A0 4C 15 AF 8A D4 80 A4 .[,E.S...L......
0490: 81 C5 30 81 C2 A0 03 02 01 17 A2 81 BA 04 81 B7 ..0.............
04A0: CB D6 6F 4E E7 6C 78 93 EF 6D EA 0C C8 A9 6B 37 ..oN.lx..m....k7
04B0: EB 0E 9C C5 86 9E E6 BA 0D 88 26 BA FE A8 83 86 ..........&.....
04C0: D4 06 52 50 AF 48 BC 8F 66 08 F1 1E A4 97 5E 05 ..RP.H..f.....^.
04D0: 24 B4 DC 44 94 F3 5D 3D 07 17 10 33 15 D8 E0 0C $..D..]=...3....
04E0: E8 E8 0F 70 E6 23 B3 FF D5 23 63 02 A4 6B 86 C9 ...p.#...#c..k..
04F0: 88 96 FA 8B 02 3C E6 C6 19 7E 86 58 D5 07 80 8F .....<.....X....
0500: 21 10 7A F8 2D E2 C0 AE 33 19 A3 87 8F 18 03 A0 !.z.-...3.......
0510: 22 13 37 66 D5 CA 02 02 E9 51 87 D5 E5 7D 3E 84 ".7f.....Q....>.
0520: 6E 62 4A 0B 04 8D CF 79 07 DE 69 3B 49 95 B1 80 nbJ....y..i;I...
0530: F4 9A 86 62 8D BD F4 DA FB BC 69 97 9A 8D DE 92 ...b......i.....
0540: 0E 8A 65 E7 7C 62 E1 3D E6 93 AD 6F 0A 53 00 B0 ..e..b.=...o.S..
0550: 2F E7 09 A6 1B 01 72 /.....r
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when proces
sing request: The target server failed to respond
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: Retrying request
----------------------------------------
HTTP/1.1 401 Unauthorized
----------------------------------------
<html><head>
<meta http-equiv="Refresh" content="0; url=/share/page?pt=login">
</head><body><p>Please <a href="/share/page?pt=login">log in</a>.</p>
</body></html>
----------------------------------------
vài thứ. SPN đích mà bạn đã cung cấp làm đối số là gì và bạn đã đặt Realm nào trong tệp web.xml của servlet được yêu cầu? Bạn có thể thiết lập JAAS Realm chẳng hạn. –