>
> I have done NTP synchronization in AD
> still I am getting same error
> could you please help in this
>
> -Original Message-
> From: David Marsh [mailto:dmars...@outlook.com]
> Sent: Thursday, May 07, 2015 3:39 PM
> To: Tomcat Users List
> Subject: RE: Tom
Kerberos requires NTP synchronisation to be in place and working.
Fix your clocks and the error should go away.
> From: ravindhar_ko...@persistent.com
> To: users@tomcat.apache.org
> Subject: Tomcat windows 7 authentication
> Date: Thu, 7 May 2015 10:01:39 +
>
> Hi
> I am working on windows a
8000 Is the HTTP port in development just in case you are using port 808433 Is
similar for HTTPS22 Is SSH port
Normally you define a free port in a user range say 9009, to be your debug port.
Then you use a suitable java debugger to connect to that port.
I've never used vagrant, but it sounds like
No worries fixed it :-
ldap://win-dc01.kerbtest.local:389";
userBase="cn=Users,dc=kerbtest,dc=local"
userSearch="(cn={0})"
userRoleName="memberOf"
roleBase="cn=Users,dc=kerbtest,dc=local"
roleName="cn"
roleSearch="(member={0})"
Ok so I fixed my Realm :-
ldap://win-dc01.kerbtest.local:389";
userBase="cn=Users,dc=kerbtest,dc=local"
userSearch="(cn={0})"
userRoleName="memberOf"
roleBase="cn=Users,dc=kerbtest,dc=local"
roleName="cn"
roleSearch="(uniqueMember=
So I have SPNEGO working and I want to use the JNDI realm for authorisation.
I have this configured :-
ldap://win-dc01.kerbtest.local:389";
userBase="ou=Users,dc=kerbtest,dc=local"
userSearch="(uid={0})"
userRoleName="memberOf"
roleBase="ou=Users,dc=
ker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: Defective token detected (Mechanism level: GSSHeader
did not find
the right
tag)
at sun.security.jgss.GSSHeader
straints Checking constraint 'SecurityConstraint[JMX Proxy interface]'
against GET /images/tomca
t.gif --> false
28-Mar-2015 14:21:28.864 FINE [http-nio-80-exec-4]
org.apache.catalina.realm.RealmBase.findSecurityC
onstraints Checking constraint 'SecurityConstraint[HTML Manag
10:13:29 +0200
> To: users@tomcat.apache.org
>
>
>
> Am 28. März 2015 17:46:50 MEZ, schrieb Mark Thomas :
>>On 28/03/2015 14:43, David Marsh wrote:
>>> Ok so I went back to basics and created three new VM's.
>>>
>>> Windows Server 2008 R2
>>> W
t;
>
>> Date: Thu, 26 Mar 2015 12:11:34 +0100
>> From: a...@ice-sa.com
>> To: users@tomcat.apache.org
>> Subject: Re: SPNEGO test configuration with Manager webapp
>>
>> David Marsh wrote:
>>> Hi Mark,
>>&
x27;s and the Negotiate.
> Date: Thu, 26 Mar 2015 12:11:34 +0100
> From: a...@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> David Marsh wrote:
>> Hi Mark,
>>
>> Thank
configuration with Manager webapp
>
> David Marsh wrote:
>> Hi Mark,
>> Thanks that would be great !
>> Do you have a good mechanism to test and ensure kerberos token is passed to
>> tomcat and not NTLM token ?
>
> I believe that I can answer that.
>
>
with Manager webapp
>
> On 26/03/2015 00:36, David Marsh wrote:
> > Still getting :-
> > java.security.PrivilegedActionException: GSSException: Defective token
> > detected (Mechanism level: G
> > SSHeader did not find the right tag)
> >
> > Folks
tication Data:
>>> PA-DATA type = 19
>>> PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
>>> ocal, s2kparams = null
>>> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>
>>>>>>Pre-Authentication Data:
> > HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
> > Found unsupported keytype (1) for
> > HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
> > Looking for keys for: HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL
> > Added key: 17version: 5
> > Added key: 18version: 5
> > Added k
ion information was invalid
> sname is krbtgt/KERBTEST.LOCAL@KERBTEST.LOCAL
> eData provided.
> msgType is 30
>>>>Pre-Authentication Data:
> PA-DATA type = 19
> PA-ETYPE-INFO2 etype = 18, salt = KERBTEST.LOCALHTTPwin-tc01.kerbtest.l
> ocal, s2kparams = null
> PA-ETYPE-
cUdNcmYw/ftHsanMwZEat5lznurgVFDwa6rjxVoc+X/C6Dwl+ME/yEClpwn6bxxDyCssxUgYsiRfWJGCr6EEPdWB5omQUf1o9ArvEbgtyS4kkHGLa3X5FeXctRwi2Yj/uLYnEOZHfkco
>>>>>
>>>>>
>>> Kk31FvdhSr92Kry4926hlS9ao4nyGS7ZVnvr1n8r5V6+D6UbYhUQgBvEaERgc8T822kiij1N/szQePAze4YWWTA0djryRSB0qqMG
> Subject: RE: SPNEGO test configuration with Manager webapp
>> From: felix.schumac...@internetallee.de
>> Date: Wed, 25 Mar 2015 17:31:51 +0100
>> To: users@tomcat.apache.org
>>
>>
>>
>> Am 25. März 2015 17:25:25 MEZ, schrieb David Marsh :
>>>This
ager webapp
> From: felix.schumac...@internetallee.de
> Date: Wed, 25 Mar 2015 17:31:51 +0100
> To: users@tomcat.apache.org
>
>
>
> Am 25. März 2015 17:25:25 MEZ, schrieb David Marsh :
>>This is how the keytab was created :-
>>
>>ktpass -ptype KRB5_NT_PRINCIPAL
.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: Defective token detected (Mechanism level: GSSHeader
did not find the right
tag)
at sun.security.jgss.GSSHeader.(GSSHeader.java:97)
at sun.security.jgss.GSSContextImpl.acceptS
; From: ma...@apache.org
> To: users@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> On 24/03/2015 20:47, David Marsh wrote:
>> Hi Felix,
>> Thanks fort your help!
>> I have enabled krb5 and gss debug.I altered CATALINA_OPTS in star
cons in KrbAsReq.getReply HTTP/win-tc01.kerbtest.local
Search Subject for SPNEGO ACCEPT cred (<>, sun.security.jgss.spnego.SpNegoC
redElement)
Search Subject for Kerberos V5 ACCEPT cred (<>, sun.security.jgss.krb5.Krb5
AcceptCredential)
Found KeyTab C:\Program Files\Apache Software Foundation\T
; From: felix.schumac...@internetallee.de
> To: users@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> Am 24.03.2015 um 21:25 schrieb David Marsh:
> > Everything is as described and still not working, except the jaas.conf is :-
> >
> >
I copied old config file to mail yes.
> Date: Tue, 24 Mar 2015 21:17:59 +0100
> From: felix.schumac...@internetallee.de
> To: users@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> Am 24.03.2015 um 2
sers@tomcat.apache.org
> Subject: Re: SPNEGO test configuration with Manager webapp
>
> Am 24.03.2015 um 21:05 schrieb David Marsh:
>> Sorry thats :-
>>
>>> principal="HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL"
>> under jaas.conf, it is set to the tomca
Sorry thats :-
> principal="HTTP/win-tc01.kerbtest.local@KERBTEST.LOCAL"
under jaas.conf, it is set to the tomcat server DNS.
> From: dmars...@outlook.com
> To: users@tomcat.apache.org
> Subject: SPNEGO test configuration with Manager webapp
> Date: Tue,
I'm trying to get SPNEGO authentication working with Tomcat 8.
I've created three Windows VMs :-
Tomcat Server - Windows 8.1 32 bit VM
Test Client - Windows 8.1 32 bit VM
Domain Controller - Windows Server 2012 R2 64 bit VM
The Tomcat Server and the Test Client are joined to the same domain
k
I was using Internet explorer and had added the ip address of to domain
controller/ tomcat server to the trusted sites list in the Intranet zone.I was
not using https.I was using a Windows 8 client VM to talk to a Windows Server
2012 VM.
I have now tried Firefox with SPNEGO and can confirm with
Hello,
I'm trying to get SPNEGO authentication working with Tomcat 8.
I've followed the guidelines on the website.
jaas.conf
com.sun.security.jgss.krb5.initiate {...};
com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule requireddoNotPrompt=true
principal="HT
29 matches
Mail list logo
