RE: Tomcat7 and SPNEGO configuration questions

2013-06-11 Thread Edward Siewick
Pardon my apparent dyslexia: > This snippet is from openjdk; > http://cr.openjdk.java.net/~weijun/6966259/webrev.01/src/share/classes/sun/security/krb5/internal/KDCRep.java.html. > There's also Oracle's > http://www.docjar.com/html/api/sun/security/krb5/internal/KDCReq.java.html. > It doesn't h

RE: Tomcat7 and SPNEGO configuration questions

2013-06-11 Thread Edward Siewick
James, Regarding your question a), HTTP 401 is a tangle of both "not authenticated" and "not authorized". You're at least getting through authentication of the end user. At least that's my interpretation of Krb5Context logging of "KrbApReq: authenticate succeed." and logged values for mySeqNum

RE: Tomcat7 and SPNEGO configuration questions

2013-06-10 Thread Edward Siewick
I've tried an AES128 keytab and matching krb5.conf; this didn't get any further. Edward ____ From: Edward Siewick [esiew...@ementum.com] Sent: Monday, June 10, 2013 3:31 PM To: Tomcat Users List Subject: RE: Tomcat7 and SPNEGO configuration questi

RE: Tomcat7 and SPNEGO configuration questions

2013-06-10 Thread Edward Siewick
he SPNEGO authenticator will work with any Realm but if used with the JNDI Realm, by default the JNDI Realm will use the user's delegated credentials to connect to the Active Directory." From: Felix Schumacher [felix.schumac...@internetal

RE: Tomcat7 and SPNEGO configuration questions

2013-06-03 Thread Edward Siewick
KdcReq send: #bytes read=1611 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/openid-linux.openidmdev.com principal is HTTP/openid-linux.openidmdev@openidmdev.com EncryptionKey: keyType=18 keyBytes (hex dump)=

RE: Tomcat7 and SPNEGO configuration questions

2013-05-31 Thread Edward Siewick
From: Felix Schumacher [felix.schumac...@internetallee.de] Sent: Friday, May 31, 2013 3:22 PM To: users@tomcat.apache.org Subject: Re: Tomcat7 and SPNEGO configuration questions Hi Edward. On Friday, 31.05.2013, at 13:24 -0500, Edward Siewick wrote

RE: Tomcat7 and SPNEGO configuration questions

2013-05-31 Thread Edward Siewick
From: Felix Schumacher [felix.schumac...@internetallee.de] Sent: Friday, May 31, 2013 1:18 PM To: users@tomcat.apache.org Subject: Re: Tomcat7 and SPNEGO configuration questions On Friday, 31.05.2013, at 10:17 -0500, Edward Siewick wrote: >&

RE: Tomcat7 and SPNEGO configuration questions

2013-05-31 Thread Edward Siewick
>> >> Well-founded guidance, clues, and even good guesses are all welcome. >> > > Answering in the spirit of your last phrase above (because I really know > nothing about the > Tomcat SPNEGO Valve, and very little about Kerberos) : > > The error message : > > javax.security.auth.login.LoginExce

Tomcat7 and SPNEGO configuration questions

2013-05-31 Thread Edward Siewick
Hi. I'm trying to get a baseline configuration working, following the http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. I'm apparently off in the weeds having missed something, though. So I'd really appreciate a sanity check of my configuration, and the testcase I'm attempting.