GSS-API Java奇怪错误
我正在运行以下教程: 我得到以下提示:GSS-API Java奇怪错误,java,authentication,kerberos,gssapi,Java,Authentication,Kerberos,Gssapi,我正在运行以下教程: 我得到以下提示: Connected to server localhost/127.0.0.1 Kerberos username [login]: {I enter my username here} Kerberos password for login: {I enter my password here} 我得到以下错误: 你能确定这件事的根本原因吗 Exception in thread "main" GSSException: No valid crede
Connected to server localhost/127.0.0.1
Kerberos username [login]: {I enter my username here}
Kerberos password for login: {I enter my password here}
Exception in thread "main" GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:333)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
at demo.SampleClient.main(SampleClient.java:145)
Caused by: javax.security.auth.login.LoginException: Message stream modified (41)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:246)
at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325)
... 7 more
Caused by: KrbException: Message stream modified (41)
at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:96)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:410)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 23 more
线程“main”GSSException中出现异常:未提供有效凭据(机制级别:尝试获取新的启动凭据失败!(null))
位于sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:333)
位于sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128)
位于sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
位于sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
位于sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
位于sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
位于sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
位于demo.SampleClient.main(SampleClient.java:145)
原因:javax.security.auth.login.login异常:消息流已修改(41)
在com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication上(Krb5LoginModule.java:696)
位于com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处
位于sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)中
位于java.lang.reflect.Method.invoke(Method.java:597)
位于javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
位于javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
位于javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
位于java.security.AccessController.doPrivileged(本机方法)
位于javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
位于javax.security.auth.login.LoginContext.login(LoginContext.java:575)
登录(GSSUtil.java:246)
位于sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136)
位于sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328)
位于java.security.AccessController.doPrivileged(本机方法)
位于sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325)
... 还有7个
原因:KrbeException:消息流已修改(41)
查看sun.security.krb5.krbkdprep.check(krbkdprep.java:53)
在sun.security.krb5.KrbAsRep.(KrbAsRep.java:96)
位于sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
位于sun.security.krb5.Credentials.sendASRequest(Credentials.java:410)
位于sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
位于com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 23多
不依赖LSA凭据缓存。我想知道这是否有可能(即即使设置了注册表项,本地管理员也会锁定): 已知问题 如果还将AD帐户添加到上的本地管理员组中 客户端PC,Microsoft限制此类客户端获取会话密钥 用于票据(即使您将allowtgtsessionkey注册表项设置为1)。 解决方法是:忘记您是登录用户,调用kinit.exe。
不依赖LSA凭据缓存。我无法确认该问题。我在我的机器上拥有管理员权限,并且仍然能够从LSA获得会话密钥。您应该在JGSS和Krb5LoginModule上启用完全调试输出。共享您的krb5.ini和login.conf。我希望您知道上面的示例无法工作,因为您的客户无法获得本地主机的票证。它必须是在Active Directory中设置了适当SPN的FQDN。我无法确认该问题。我在我的机器上拥有管理员权限,并且仍然能够从LSA获得会话密钥。您应该在JGSS和Krb5LoginModule上启用完全调试输出。共享您的krb5.ini和login.conf。我希望您知道上面的示例无法工作,因为您的客户无法获得本地主机的票证。它必须是在Active Directory中设置了适当SPN的FQDN。当Kerberos领域不匹配时,我遇到异常“Message stream modified(41)”。领域(在系统属性
java.security.krb5.realm