Reputation: 730
javax.naming.AuthenticationException in GSSAPI
I'm trying to perform NTLM bind using JAVA GSSAPI.
I'm receiving this error:
javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Invalid option setting in ticket request. (101))]]
I think (not sure) it worked in the past. To solve other problem, I tried "kinit". From that point is stopped working. I even deleted the cache file (couldn't find kclear in windows) and, still, I have this issue.
How can I solve it?
Upvotes: 6
Views: 5846
Answers (2)
Reputation: 14939
I had the same problem (exactly the same Java error stack) for Kerberos tickets that were not created as Forwardable.
A Kerbros ticket renewal/monitor process was written in Perl and used Authen::Krb5::Easy Perl module and that is ignoring /etc/krb5.conf "forwardable = true" setting.
Upvotes: 0
Reputation: 730
Ok, solved it.
I had
proxiable = true
in my krb5 file.
Removed it and it works!
Upvotes: 2
Related Questions
- GSSException: Message stream modified (41)
- "GSSException Defective token detected" - when trying to Authenticate to Tomcat running on Windows using Kerberos
- Java Kerberos authentication seems to work, still gets rejected
- GSSAPI Defective Ticket
- javax.naming.AuthenticationException
- GSS-API Java strange error
- GSSException createCredential
- gss name is corrupted in java for irish fada chars
- Kerberos with Java
- Java Authentication against Active Directory, authentication mismatch?