vpouli wrote:
> hello,
> I have added to my kerberos database the following principal:
> "http://localhost:8080/axis/services/test" .
> (It's in a url format instead of being in the format:
> service/[EMAIL PROTECTED])

Even if you could add this, the use of localhost is relative
to the local host and is not unique.
Principals normally have service/[EMAIL PROTECTED]
What you should be using is HTTP/your.full.host.name

> So, the thing is that I would like to acquire a service ticket for that
> principal.
> To request a service ticket I am using gss api and follow the next
> steps:
>
> class KrbClient{
>     main(){
>         ....
>         //I have acquired the credentials from the ticket cache
>         ...
>         PrincipalName serviceName = new
>             PrincipalName("http://localhost:8080/axis/services/test");
>
>         // create the tgs_req to ask for service tickets
>         sun.security.krb5.KrbTgsReq tgs_req = new
>             sun.security.krb5.KrbTgsReq(credentials, serviceName);
>
>         tgs_req.send();
>
>         // get tgs_rep
>         KrbTgsRep tgs_rep = tgs_req.getReply();
>     }
> }
>
> and it gets the following error:
>
> KrbException: Server not found in Kerberos database (7)
>     at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:67)
>     at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:235)
>     at KrbClient.requestServiceTicket(KrbClient.java:142)
>     at KrbClient.main(KrbClient.java:39)
> Caused by: KrbException: Identifier doesn't match expected value (906)
>     at sun.security.krb5.internal.KDCRep.init(KDCRep.java:134)
>     at sun.security.krb5.internal.TGSRep.init(TGSRep.java:59)
>     at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:54)
>     at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:50)
>     ... 3 more
>
> From the debugging of gss api:
>
> >>>KRBError:
>
> sTime is Mon May 22 19:07:26 EEST 2006 1148314046000
> suSec is 722233
> error code is 7
> error Message is Server not found in Kerberos database
> crealm is GRID.ORG
> cname is vpouli
> realm is GRID.ORG
> sname is http://localhost:8080/axis/services/test
>
> From the kdc log file:
> 2006-05-22T19:40:59 TGS-REQ [EMAIL PROTECTED] from IPv4:147.102.183.137
> for http:/\/localhost:8080/axis/services/[EMAIL PROTECTED]
> 2006-05-22T19:40:59 Server not found in database:
> http:/\/localhost:8080/axis/services/[EMAIL PROTECTED]: No such entry in
> the database
> 2006-05-22T19:40:59 sending 155 bytes to IPv4:147.102.183.137
>
> What I see, is that when I request a ticket for a service principal
> which contains "//" (like in http://localhost....) it puts an escape
> character '\' between '//' and tries to find "http:/\/localhost..."
> instead of "http://localhost....".
>
> Is there something I can do about it?
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--

 Douglas E. Engert <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois 60439
 (630) 252-5444
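
Added example, not part of the original messages: one way a client could derive the HTTP/your.full.host.name form recommended in the reply from a service URL, and build the GSS-API target name from it. The class SpnFromUrl, its two helper methods and the host www.grid.example are hypothetical; the realm GRID.ORG is the one shown in the quoted debug output.

```java
import java.net.URI;
import java.util.Locale;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

public class SpnFromUrl {

    // Host-based service name ("HTTP@fqdn") for the server behind a URL.
    // Port and path are dropped: they are not part of the principal.
    static String hostBasedService(String url) {
        URI uri = URI.create(url);
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            throw new IllegalArgumentException("not an absolute URL: " + url);
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("not an HTTP URL: " + url);
        }
        host = host.toLowerCase(Locale.ROOT);
        // "localhost" and short names mean something different on every
        // machine, so they cannot identify one service in the realm.
        if (host.equals("localhost") || !host.contains(".")) {
            throw new IllegalArgumentException("need a full host name, got: " + host);
        }
        return "HTTP@" + host;
    }

    // The same name written as a Kerberos principal: HTTP/fqdn@REALM.
    static String principal(String url, String realm) {
        return hostBasedService(url).replace('@', '/') + "@" + realm;
    }

    public static void main(String[] args) throws GSSException {
        // Constructed sample URL; www.grid.example is a placeholder host.
        String url = "http://www.grid.example:8080/axis/services/test";
        System.out.println(principal(url, "GRID.ORG"));
        // Name object to pass to GSSManager.createContext() as the target.
        GSSName target = GSSManager.getInstance().createName(
                hostBasedService(url), GSSName.NT_HOSTBASED_SERVICE);
        System.out.println(target);
        try {
            hostBasedService("http://localhost:8080/axis/services/test");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The KDC database then needs a matching entry for the HTTP/full.host.name principal, with the server holding the corresponding key.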
