Java/Tomcat application with Kerberos


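I'm a Kerberos newbie, and I'm trying to configure a Java/Tomcat application to authenticate to a database using Kerberos. The stack trace I get indicates that it cannot connect and has no valid credentials, but I can't tell where the problem is.

Here is my krb5.conf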

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_keytab_name = FILE:C:\Users\QZAJ\Documents\repos\secure.qzaj\qzaj.keytab
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = WINDOWSKDCDOMAIN
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
WINDOWSKDCDOMAIN = {
kdc = DEVDC01.DEV.MYDOMAIN.COM :88
}

[domain_realm]
#.MYDOMAIN.com = WINDOWSKDCDOMAIN
#MYDOMAIN.com = WINDOWSKDCDOMAIN
And my jaas.conf

com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    doNotPrompt=true
    keyTab="C:\Users\QZAJ\Documents\repos\secure.qzaj\qzaj.keytab"
    principal="QZAJ@MYDOMAIN.NET"
    debug=true
};
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    doNotPrompt=true
    keyTab="C:\Users\QZAJ\Documents\repos\secure.qzaj\qzaj.keytab"
    principal="QZAJ@MYDOMAIN.NET"
    debug=true
};
My keytab file

MYDOMAIN.NET QZAJ   X\e  �...
MYDOMAIN.NET QZAJ   X\e   �...
And the error/stack trace at runtime

>>>KinitOptions cache name is C:\Users\QZAJ\krb5cc_qzaj
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
>>> Obtained TGT from LSA: Credentials:
      client=QZAJ@MYDOMAIN.NET
      server=krbtgt/MYDOMAIN.NET@MYDOMAIN.NET
    authTime=20161228220909Z
   startTime=20161228220909Z
     endTime=20161229073249Z
   renewTill=20170104213249Z
       flags=FORWARDABLE;RENEWABLE;PRE-AUTHENT
EType (skey)=17
   (tkt key)=18
Found ticket for QZAJ@MYDOMAIN.NET to go to krbtgt/MYDOMAIN.NET@MYDOMAIN.NET expiring on Wed Dec 28 23:32:49 PST 2016
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 17 16 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
getKDCFromDNS using UDP
>>> KrbKdcReq send: kdc=a0319dc17.MYDOMAIN.net. TCP:88, timeout=30000, number of retries =3, #bytes=2108
>>> KDCCommunication: kdc=a0319dc17.MYDOMAIN.net. TCP:88, timeout=30000,Attempt =1, #bytes=2108
>>>DEBUG: TCPClient reading 2050 bytes
>>> KrbKdcReq send: #bytes read=2050
>>> KdcAccessibility: remove a0319dc17.MYDOMAIN.net.:88
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
KrbException: Message stream modified (41)
    at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:50)
    at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:87)
    at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
    at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:270)
    at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:302)
    at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:120)
    at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
    at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthHandShake(KerbAuthentication.java:226)
    at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:314)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4116)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3188)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:61)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3151)
    at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7535)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2438)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1973)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1616)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1447)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:788)
    at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1187)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    ...
com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:a27a8ca0-5c80-4f88-9908-49650040a303
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2392)
    at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthHandShake(KerbAuthentication.java:247)
    at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:314)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4116)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3188)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:61)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3151)
    at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7535)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2438)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1973)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1616)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1447)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:788)
    at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1187)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    ...
Caused by: GSSException: No valid credentials provided (Mechanism level: Message stream modified (41))
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
    at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthHandShake(KerbAuthentication.java:226)
    ...
Caused by: KrbException: Message stream modified (41)
    at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:50)
    at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:87)
    at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
    at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:270)
    at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:302)
    at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:120)
    at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
    ...
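
Added example, not part of the original post: a small Python check that compares the realm of the JAAS principal with the realms krb5.conf defines, run over trimmed copies of the two files posted above. The function names `parse_krb5` and `check` and the three checks are assumptions chosen for illustration; the script reports inconsistencies between the files and does not by itself explain the exception.

```python
import re

# Constructed sample input: trimmed copies of the two files posted above.
KRB5_CONF = """\
[libdefaults]
# default_realm = WINDOWSKDCDOMAIN
[realms]
WINDOWSKDCDOMAIN = {
kdc = DEVDC01.DEV.MYDOMAIN.COM :88
}
"""
JAAS_CONF = 'principal="QZAJ@MYDOMAIN.NET"'

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}); '#' lines are comments."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            section, realm = line.strip("[]"), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def check(krb5_text, jaas_text):
    """List mismatches between the JAAS principals' realms and krb5.conf."""
    libdefaults, realms = parse_krb5(krb5_text)
    findings = []
    if "default_realm" not in libdefaults:
        findings.append("default_realm is not set")
    for principal in set(re.findall(r'principal\s*=\s*"([^"]+)"', jaas_text)):
        realm = principal.rpartition("@")[2]
        if realm not in realms:  # realm names are case-sensitive
            findings.append(f"no [realms] entry for {realm}")
    for realm, kdcs in realms.items():
        findings += [f"whitespace in kdc value for {realm}: {k!r}"
                     for k in kdcs if re.search(r"\s", k)]
    return findings
```

On the sample input, `check(KRB5_CONF, JAAS_CONF)` returns three findings, which line up with the `getKDCFromDNS` line in the debug output: the KDC contacted was located through DNS, not taken from the `[realms]` section.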