
Kerberos spring javax.security.auth.login.LoginException: Unable to obtain password from user

I am implementing Kerberos authentication in my existing Java Spring application. My Unix team has provided me with an SPN, krb5.conf and a keytab file. I am trying hard with the code and configuration below but am getting an "Unable to obtain password from user" exception, as in the logs attached below.

Can anybody correct me if I am doing something wrong, or tell me what could be going wrong? Let me know if you need more information on this. It would be good if someone could tell me how to verify whether the Kerberos configuration is correct.

Here is what I have tried. I am using:

  • JDK 1.6
  • spring-security-kerberos-core-1.0.0.M2.jar
  • spring-security-core-3.0.1.RELEASE.jar
  • spring-security-config-3.0.1.RELEASE.jar
  • spring-security-web-3.0.1.RELEASE.jar

My security-config.xml is:

<?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:util="http://www.springframework.org/schema/util"
           xmlns:beans="http://www.springframework.org/schema/beans"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<beans:bean class="com.ci.util.TrimmingPropertyPlaceholderConfigurer">
        <beans:property name="searchSystemEnvironment" value="true" />
        <beans:property name="locations">
            <beans:list>
                <beans:value>file:${install.home}/config/application.properties
                </beans:value>
                <beans:value>file:${install.home}/config/environment.properties
                </beans:value>
            </beans:list>
        </beans:property>
    </beans:bean>

    <http entry-point-ref="spnegoEntryPoint" auto-config="false">
        <intercept-url pattern="/selectBlacklisting*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
     <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

     <custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
        <form-login login-page="/selectBlacklisting.form" default-target-url="/" always-use-default-target="true"/>
   </http>

   <authentication-manager alias="authenticationManager">
      <authentication-provider ref="kerberosServiceAuthenticationProvider" />
      <authentication-provider ref="kerberosAuthenticationProvider"/>
   </authentication-manager>

    <beans:bean id="spnegoEntryPoint"
  class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

 <beans:bean id="spnegoAuthenticationProcessingFilter"
  class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
  <beans:property name="authenticationManager" ref="authenticationManager" />
 </beans:bean>

    <beans:bean id="kerberosServiceAuthenticationProvider"
  class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
  <beans:property name="ticketValidator">
   <beans:bean
    class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
    <beans:property name="servicePrincipal" value="${servicePrincipal.url}"/>
    <beans:property name="keyTabLocation" value="${keyTabLocation.url}" />
    <beans:property name="debug" value="true"/>
   </beans:bean>
  </beans:property>
  <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
 </beans:bean>

    <beans:bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
  <beans:property name="kerberosClient">
   <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
    <beans:property name="debug" value="true" />
   </beans:bean>
  </beans:property>
  <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
 </beans:bean>

    <beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
  <beans:property name="debug" value="true" />
  <beans:property name="krbConfLocation" value="${krbConfLocation.url}" />
 </beans:bean>

    <beans:bean id="dummyUserDetailsService" class="com.ci.manager.interceptor.DummyUserDetailService"/>

  </beans:beans>

Property values used in the above security-config.xml:

servicePrincipal.url=HTTP/[email protected]
keyTabLocation.url=file:/MY_APP_ITE3/appmanager/50.T0.17/config/xyzcard-sit1.keytab
krbConfLocation.url=/etc/krb5/krb5.conf

My DummyUserDetailService:

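package com.ci.manager.interceptor;

import org.apache.log4j.Logger; // assumed log4j 1.x, which provides Logger.getLogger(Class)
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Maps every Kerberos-authenticated user name to a user holding ROLE_USER.
public class DummyUserDetailService implements UserDetailsService {
    private static final Logger LOGGER = Logger.getLogger(DummyUserDetailService.class);

    public DummyUserDetailService() {
        LOGGER.info("DummyUserDetailService constructor called>>>>>>>>>");
    }

    // The password argument is a placeholder; the Kerberos ticket has already been validated.
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        LOGGER.info("loadUserByUsername method called>>>>>>>>>" + username);
        LOGGER.info("loadUserByUsername method called>AuthorityUtils.createAuthorityList>>>>>>>>" + AuthorityUtils.createAuthorityList("ROLE_USER"));
        return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}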

My web.xml is:

    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
        version="2.4">

        <display-name>Customer Intelligence Management Tool</display-name>
        <distributable/>
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>
                org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>    
        </filter>

        <filter-mapping>
              <filter-name>springSecurityFilterChain</filter-name>
              <url-pattern>/*</url-pattern>
        </filter-mapping>
         <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/security-config.xml</param-value>
        </context-param>     
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener> 

        <servlet>
            <servlet-name>app-manager</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>
                    /WEB-INF/applicationContext.xml,
                    /WEB-INF/app-manager-servlet.xml
                </param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
            <servlet-name>app-manager</servlet-name>
            <url-pattern>*.form</url-pattern>
        </servlet-mapping>

        <session-config>
            <session-timeout>15</session-timeout>
        </session-config>

        <welcome-file-list>
            <welcome-file>/WEB-INF/jsp/index.jsp</welcome-file>
        </welcome-file-list>

        <error-page>
            <error-code>500</error-code>
            <location>/WEB-INF/jsp/Error.jsp</location>
        </error-page>

        <error-page>
            <error-code>404</error-code>
            <location>/WEB-INF/jsp/FileNotFound.jsp</location>
        </error-page>
    </web-app>

Application Logs showing exception:

  015-04-20 13:07:42 ERROR  org.springframework.web.context.ContextLoader[ContextLoader.java:219(initWebApplicationContext)] - Context initialization failed
        org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean] while setting bean property 'parent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user

            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
            at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
            at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
            at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
            at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
            at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:562)
            at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:871)
            at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:423)
            at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:272)
            at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:196)
            at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
            at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
            at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
            at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
            at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
            at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
            at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
            at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
            at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
            at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
            at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
            at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
            at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
            at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
            at org.apache.catalina.core.StandardService.start(StandardService.java:448)
            at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
            at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
            at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
        Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user

            at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:150)
            at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:109)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:274)
            ... 39 more
        Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user

            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:355)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
            at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
            at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
            at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
            at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
            at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:27)
            at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:20)
            at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:143)
            ... 41 more
        Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user

            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:120)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
            at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
            at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
            at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
            at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
            ... 55 more
        Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user

            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1403)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
            at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
            ... 65 more
        Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

            at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789)
            at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654)
            at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
            at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
            at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.afterPropertiesSet(SunJaasKerberosTicketValidator.java:125)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1400)
            ... 68 more

Server Logs:

Apr 22, 2015 8:29:38 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
        INFO: validateJarFile(/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/work/Catalina/localhost/app-manager/WEB-INF/lib/j2ee-1.4.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
        Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is file:/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/conf/xyzcard-sit1.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
        >>> KeyTabInputStream, readName(): SYSTEMS.PRIVATE
        >>> KeyTabInputStream, readName(): HTTP
        >>> KeyTabInputStream, readName(): srv-xyzcard-sit1.systems.private
        >>> KeyTab: load() entry length: 88; type: 23
        Key for the principal HTTP/[email protected] not available in file:/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/conf/xyzcard-sit1.keytab
          [Krb5LoginModule] authentication failed 
        Unable to obtain password from user

        Apr 22, 2015 8:29:52 AM org.apache.catalina.core.StandardContext start
codelearner asked Apr 24 '15 09:04



2 Answers

This may be due to property values not being resolved in the security-config. Can you hard-code the following and try again?

<beans:property name="servicePrincipal" value="HTTP/[email protected]"/>
<beans:property name="keyTabLocation" value="file:/YOUR_KEYTAB_LOCATION/mykey.keytab" />

Your error is thrown from javax.security.auth.login.LoginContext's init method, so it should be something about the keytab file or the service principal not being set properly.

Charith De Silva answered Nov 13 '22 11:11


Thank you for responding. I have resolved the issue; the problem was my keytab. My keytab file did not contain the SPN I was looking for; it was generated with the wrong SPN. I tried some dummy SPNs and found that I got the same exception, then asked the team to validate or generate a new keytab.

codelearner answered Nov 13 '22 10:11
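The question asks how to verify the Kerberos configuration, and the accepted resolution was a keytab that lacked the configured SPN. The following is an added example, not code from the original posts: a standalone Python check that lists the principals stored in a keytab and reports whether a given SPN is among them, without contacting a KDC. It assumes the MIT keytab file format, version 0x0502; the sample keytab is constructed here using the realm and name components printed in the server debug log, and NOT_IN_KEYTAB is a hypothetical configured SPN.

```python
import struct

# Kerberos encryption type numbers (the server log above shows "type: 23").
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "rc4-hmac"}


def _counted(buf, off):
    """Read a 16-bit length-prefixed octet string; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[off + 2:end], end


def _parse_entry(entry):
    (ncomp,) = struct.unpack_from(">H", entry, 0)
    realm, off = _counted(entry, 2)
    comps = []
    for _ in range(ncomp):
        comp, off = _counted(entry, off)
        comps.append(comp.decode("utf-8"))
    # name type (4 bytes), timestamp (4), 8-bit kvno (1), key type (2)
    _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", entry, off)
    _key, off = _counted(entry, off + 11)
    if len(entry) - off >= 4:  # optional 32-bit kvno overrides the 8-bit one
        (kvno32,) = struct.unpack_from(">I", entry, off)
        kvno = kvno32 or kvno
    return {"principal": "/".join(comps) + "@" + realm.decode("utf-8"),
            "kvno": kvno, "enctype": ENCTYPES.get(etype, str(etype))}


def parse_keytab(data):
    """List the entries of a version 0x0502 keytab without touching a KDC."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:  # hole left by a deleted entry: skip its bytes
            pos += -size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab")
        entries.append(_parse_entry(data[pos:pos + size]))
        pos += size
    return entries


def check_spn(data, spn):
    """Return (status, principals): 'ok', 'case-mismatch' or 'missing'."""
    principals = [e["principal"] for e in parse_keytab(data)]
    if spn in principals:
        return "ok", principals
    if spn.lower() in (p.lower() for p in principals):
        return "case-mismatch", principals
    return "missing", principals


def build_entry(realm, comps, etype, key, kvno=1):
    """Build one keytab entry (used only to construct the sample below)."""
    body = struct.pack(">H", len(comps))
    for part in [realm] + comps:
        body += struct.pack(">H", len(part)) + part.encode("utf-8")
    body += struct.pack(">IIBH", 1, 0, kvno, etype)
    body += struct.pack(">H", len(key)) + key
    return struct.pack(">i", len(body)) + body


# Constructed sample, not the asker's file: one rc4-hmac entry with an all-zero key.
SAMPLE_KEYTAB = b"\x05\x02" + build_entry(
    "SYSTEMS.PRIVATE", ["HTTP", "srv-xyzcard-sit1.systems.private"], 23, bytes(16))
IN_KEYTAB = "HTTP/srv-xyzcard-sit1.systems.private@SYSTEMS.PRIVATE"
NOT_IN_KEYTAB = "HTTP/app.example.test@SYSTEMS.PRIVATE"  # hypothetical configured SPN

if __name__ == "__main__":
    for entry in parse_keytab(SAMPLE_KEYTAB):
        print(entry)
    for spn in (IN_KEYTAB, NOT_IN_KEYTAB):
        print(spn, "->", check_spn(SAMPLE_KEYTAB, spn)[0])
```

To check a real file, pass its bytes (open(path, "rb").read()) and the servicePrincipal value from the Spring configuration to check_spn. On a host with the MIT Kerberos client tools, klist -k on the keytab lists the same principals.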