Java Kerberos 身份验证似乎有效,但仍然被拒绝

发布于 2024-11-18 11:29:09 字数 12119 浏览 3 评论 0 原文

我有一个 Java 客户端应用程序和一个 Java 服务器应用程序,并且我正在尝试通过 Kerberos 向服务器进行身份验证。客户端基本上使用 http-components 和 SPNEGO 进行 HTTP GET 调用,但结果我总是得到 401 Unauthorized

我无法在下面的 Kerberos 登录序列中发现错误,也许你们可以:

Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt f
alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
lse principal is null tryFirstPass is false useFirstPass is false storePass is f
alse clearPass is false
Kerberos-Benutzername [GP_Myuser]: [email protected]
Kerberos-Passwort f³r [email protected]:
                [Krb5LoginModule] user entered username: GP_Myuser@EESERV.
LOCAL

default etypes for default_tkt_enctypes: 23.
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=144
>>> KrbKdcReq send: #bytes read=181
>>> KrbKdcReq send: #bytes read=181
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
         sTime is Tue Jul 05 16:28:31 CEST 2011 1309876111000
         suSec is 250145
         error code is 25
         error Message is Additional pre-authentication required
         realm is EESERV.LOCAL
         sname is krbtgt/EESERV.LOCAL
         eData provided.
         msgType is 30
>>>Pre-Authentication Data:
         PA-DATA type = 11
         PA-ETYPE-INFO etype = 23
         PA-ETYPE-INFO salt =
>>>Pre-Authentication Data:
         PA-DATA type = 19
         PA-ETYPE-INFO2 etype = 23
         PA-ETYPE-INFO2 salt = null
>>>Pre-Authentication Data:
         PA-DATA type = 2
         PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
         PA-DATA type = 16
>>>Pre-Authentication Data:
         PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
default etypes for default_tkt_enctypes: 23.
>>>KrbAsReq salt is EESERV.LOCALGP_Myuser
default etypes for default_tkt_enctypes: 23.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
 retries =3, #bytes=222
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=222
>>> KrbKdcReq send: #bytes read=1450
>>> KrbKdcReq send: #bytes read=1450
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply GP_Myuser
default etypes for default_tkt_enctypes: 23.
principal is [email protected]
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 3D F9 1C A6 3B 94 7B 27   B3
 6C D7 E5 70 77 84 22  =...;..'.l..pw."

Commit Succeeded

Found ticket for [email protected] to go to krbtgt/EESERV.LOCAL@EESER
V.LOCAL expiring on Wed Jul 06 02:28:32 CEST 2011
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
 retries =3, #bytes=1452
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt
=1, #bytes=1452
>>> KrbKdcReq send: #bytes read=1436
>>> KrbKdcReq send: #bytes read=1436
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 512880730
Created InitSecContextToken:
0000: 01 00 6E 82 05 51 30 82   05 4D A0 03 02 01 05 A1  ..n..Q0..M......
0010: 03 02 01 0E A2 07 03 05   00 20 00 00 00 A3 82 04  ......... ......
0020: 6E 61 82 04 6A 30 82 04   66 A0 03 02 01 05 A1 0E  na..j0..f.......
0030: 1B 0C 45 45 53 45 52 56   2E 4C 4F 43 41 4C A2 24  ..EESERV.LOCAL.$
0040: 30 22 A0 03 02 01 00 A1   1B 30 19 1B 04 48 54 54  0".......0...HTT
0050: 50 1B 11 61 6C 66 2D 74   65 73 74 2E 65 6C 69 6E  P..alf-test.server
0060: 2E 63 6F 6D A3 82 04 27   30 82 04 23 A0 03 02 01  .com...'0..#....
0070: 17 A1 03 02 01 03 A2 82   04 15 04 82 04 11 C2 1E  ................
0080: 14 D0 18 19 AF 82 D3 92   7F 62 96 A9 92 F7 94 5B  .........b.....[
0090: FF CA FE 66 2F C8 A9 C6   36 A2 2E FF EB FB CA 3D  ...f/...6......=
00A0: 5D 5B 59 B5 0F E3 B7 B6   29 C2 62 A3 45 44 42 00  ][Y.....).b.EDB.
00B0: DA 14 3D 83 1E 50 3D AA   A9 9F 0C A6 49 4E F3 51  ..=..P=.....IN.Q
00C0: 67 68 14 A4 D3 49 E6 6F   1C 2C 7D 04 7B F2 6E BD  gh...I.o.,....n.
00D0: 23 07 DD CD 09 DC 89 62   73 0E 06 EE 68 28 39 A4  #......bs...h(9.
00E0: 22 3C 92 C0 22 C0 6B 0B   42 4B 95 B5 E5 AC 77 30  "<..".k.BK....w0
00F0: D8 75 A1 8D E8 FC A5 5A   D6 1D A8 5B D4 15 82 C5  .u.....Z...[....
0100: AE 1E 36 48 72 01 9B 3C   FA A9 60 20 1D 9A 84 20  ..6Hr..<..` ...
0110: 41 3F FA 71 A8 07 9C 50   73 FA 03 2B 8D 94 98 C8  A?.q...Ps..+....
0120: 57 A2 87 09 BF 87 26 62   2B 49 40 6A 67 C4 F1 00  W.....&b+I@jg...
0130: 66 55 D7 75 6D A6 2F 28   3C 68 86 1F 29 E1 7E 10  fU.um./(<h..)...
0140: CD 2B F0 78 A7 23 D9 18   8D 5D 98 F9 7D 00 11 78  .+.x.#...].....x
0150: 7B 5E D3 5E EA EE 74 82   B7 93 A4 DA 0E 3C 61 E6  .^.^..t......<a.
0160: B3 D5 5A F3 67 8C 03 4C   0E E6 42 96 8F E0 99 98  ..Z.g..L..B.....
0170: C2 A0 C6 D3 8F B4 A4 CA   99 C1 8A F0 6E 00 E0 BE  ............n...
0180: 95 7F 1F F5 E7 15 3D 0F   CD 22 51 D9 41 D0 5F 01  ......=.."Q.A._.
0190: 48 EB 47 64 B8 74 BC BE   76 0F AE 4B F4 E6 3A 1E  H.Gd.t..v..K..:.
01A0: 2A 62 85 FA 7E 07 E7 8D   60 EC B9 23 10 E3 1B 1E  *b......`..#....
01B0: C5 90 D2 25 BB C5 2C 05   A3 E2 39 D1 FF 70 CF E7  ...%..,...9..p..
01C0: D5 C6 13 E6 BC 60 55 89   C1 B9 FB 0F E4 5D E7 A5  .....`U......]..
01D0: 95 BA F9 70 EC 06 CB 62   E8 AD F3 29 BA 34 FF C2  ...p...b...).4..
01E0: 95 76 21 9B 0D 0B DE 66   05 0E EE 33 31 E7 BE 52  .v!....f...31..R
01F0: 64 DB 91 8B 55 96 5F E7   2D 2A EA E2 D3 BC 5F CD  d...U._.-*...._.
0200: 46 E5 45 A1 07 68 28 BF   1D 32 7D 04 C0 60 97 78  F.E..h(..2...`.x
0210: 4F 8E 4C 92 2B F1 B2 C3   9B 04 D9 43 02 7F A5 27  O.L.+......C...'
0220: A4 8E 48 EE 5E A9 3B 7E   7F C0 54 0D A5 75 D2 B3  ..H.^.;...T..u..
0230: FC 72 3A 80 F4 9A F1 34   7C 51 54 13 F7 9E FE 79  .r:....4.QT....y
0240: 8F 15 5A A7 9E 47 9B 36   10 33 F3 08 EA F2 33 BB  ..Z..G.6.3....3.
0250: 9F 45 61 ED 91 1F CF 30   05 76 C0 56 FB 38 51 25  .Ea....0.v.V.8Q%
0260: 27 1F 39 A5 C9 F9 0C D2   00 F2 6B E2 28 09 B2 30  '.9.......k.(..0
0270: A2 63 68 FE 46 A5 33 E0   60 BB B2 B5 DA 5A 78 2A  .ch.F.3.`....Zx*
0280: 37 FE 16 0D 8E E6 97 52   47 28 B2 D0 92 DB F3 CD  7......RG(......
0290: 9A 5F 98 16 4E C9 96 2C   00 7C FE 96 B0 DE CD 6D  ._..N..,.......m
02A0: 5A BC 13 1B E2 E7 F6 74   DE DC 2B B7 16 AB C0 0F  Z......t..+.....
02B0: BA 4C 08 C3 4F 25 3C 1A   9A E5 36 32 8E D9 C7 10  .L..O%<...62....
02C0: 62 F2 13 BB 62 B4 C5 F2   9D 69 DB 6C 0C 37 E1 AF  b...b....i.l.7..
02D0: F5 C6 D9 CD B5 F6 60 A2   93 DD 98 8C B2 59 C7 7A  ......`......Y.z
02E0: 50 4D 27 7B CC DA C9 28   9D 05 9C E8 FC 57 F8 4A  PM'....(.....W.J
02F0: 12 67 ED 7E 23 AB B5 FB   8A B7 CE 4D DA 1B 7F 1A  .g..#......M....
0300: B3 6F DF 42 9F C4 90 C9   35 D9 77 33 CD 6C C5 B5  .o.B....5.w3.l..
0310: C2 A8 15 8C AE BD AE 5F   0A 0A AB 7C 8C F8 E2 9F  ......._........
0320: 27 3C 27 85 B3 97 D9 9D   DA 6E 56 25 3B BA D5 FB  '<'......nV%;...
0330: AB 24 8B BE B7 26 12 7F   B6 25 E5 26 DE 8D 54 AA  .$...&...%.&..T.
0340: 0B 68 DB 4B 81 AD 9C FD   88 0F 7D 6A 97 79 E5 0F  .h.K.......j.y..
0350: 5B 82 43 6F 05 AE C0 EB   77 A6 E3 39 BE 85 6E F0  [.Co....w..9..n.
0360: B5 F5 0B 13 E7 CC 7B 1E   81 4F 37 77 BB 02 26 C2  .........O7w..&.
0370: D7 2C 80 CD 62 91 A7 0C   F8 D1 76 5C 21 39 A0 93  .,..b.....v\!9..
0380: 83 04 0A F7 1F C3 4B 0B   34 85 2D 90 75 4E FE 31  ......K.4.-.uN.1
0390: 61 BF D8 F3 36 B5 40 BA   06 F8 47 33 D4 DD EE 2A  [email protected]...*
03A0: 9C FB 5E 51 7A 25 F7 C1   3F 4D 58 73 F2 4A 50 EA  ..^Qz%..?MXs.JP.
03B0: 68 09 27 85 F3 2E BB EA   8E B4 D3 7C DC 3B 52 71  h.'..........;Rq
03C0: 87 34 1B 6F 80 D1 D2 F1   7D C3 9E C4 C3 79 8A A7  .4.o.........y..
03D0: DA 0B A2 69 7C DE D5 67   C7 20 AD 97 A2 98 6A E3  ...i...g. ....j.
03E0: A3 59 BD D2 B6 19 18 1D   AB A7 58 3A 56 16 ED 2A  .Y........X:V..*
03F0: 75 73 4E DB 02 B5 77 4B   F5 9D 1D A4 36 ED 39 26  usN...wK....6.9&
0400: B8 A4 CD 7C 79 5E 11 3C   36 9D DA DA E7 F5 D2 9F  ....y^.<6.......
0410: BA 4B 45 E0 67 E5 4F 33   9E 0B 60 E6 76 EB 02 AC  .KE.g.O3..`.v...
0420: CC 24 C4 EB 37 C4 31 B7   EA F3 EA 5B 39 D6 E3 0A  .$..7.1....[9...
0430: DC F8 DE 8B 18 8C E0 25   5C 4B 85 38 B0 99 04 9C  .......%\K.8....
0440: 61 75 17 E3 E6 0C 88 D9   7B C4 9A 2D 25 B3 C1 FE  au.........-%...
0450: 9F FD 12 4F E0 DF CF E6   C1 BA 68 00 32 E8 1F 9A  ...O......h.2...
0460: 2F 0E FB 44 59 53 8B 43   C5 B6 24 D3 76 B4 04 D2  /..DYS.C..$.v...
0470: 39 A9 21 41 EC A3 78 D1   9B 07 64 10 5B 64 EB 18  9.!A..x...d.[d..
0480: 08 5B 2C 45 90 53 C9 90   A0 4C 15 AF 8A D4 80 A4  .[,E.S...L......
0490: 81 C5 30 81 C2 A0 03 02   01 17 A2 81 BA 04 81 B7  ..0.............
04A0: CB D6 6F 4E E7 6C 78 93   EF 6D EA 0C C8 A9 6B 37  ..oN.lx..m....k7
04B0: EB 0E 9C C5 86 9E E6 BA   0D 88 26 BA FE A8 83 86  ..........&.....
04C0: D4 06 52 50 AF 48 BC 8F   66 08 F1 1E A4 97 5E 05  ..RP.H..f.....^.
04D0: 24 B4 DC 44 94 F3 5D 3D   07 17 10 33 15 D8 E0 0C  $..D..]=...3....
04E0: E8 E8 0F 70 E6 23 B3 FF   D5 23 63 02 A4 6B 86 C9  ...p.#...#c..k..
04F0: 88 96 FA 8B 02 3C E6 C6   19 7E 86 58 D5 07 80 8F  .....<.....X....
0500: 21 10 7A F8 2D E2 C0 AE   33 19 A3 87 8F 18 03 A0  !.z.-...3.......
0510: 22 13 37 66 D5 CA 02 02   E9 51 87 D5 E5 7D 3E 84  ".7f.....Q....>.
0520: 6E 62 4A 0B 04 8D CF 79   07 DE 69 3B 49 95 B1 80  nbJ....y..i;I...
0530: F4 9A 86 62 8D BD F4 DA   FB BC 69 97 9A 8D DE 92  ...b......i.....
0540: 0E 8A 65 E7 7C 62 E1 3D   E6 93 AD 6F 0A 53 00 B0  ..e..b.=...o.S..
0550: 2F E7 09 A6 1B 01 72                               /.....r

05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when proces
sing request: The target server failed to respond
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: Retrying request
----------------------------------------
HTTP/1.1 401 Unauthorized
----------------------------------------
<html><head>
<meta http-equiv="Refresh" content="0; url=/share/page?pt=login">
</head><body><p>Please <a href="/share/page?pt=login">log in</a>.</p>
</body></html>

----------------------------------------

I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTTP GET call, but I always get 401 Unauthorized as a result.

I can not spot the error in the Kerberos login sequence below, maybe you guys can:

Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt f
alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
lse principal is null tryFirstPass is false useFirstPass is false storePass is f
alse clearPass is false
Kerberos-Benutzername [GP_Myuser]: [email protected]
Kerberos-Passwort f³r [email protected]:
                [Krb5LoginModule] user entered username: GP_Myuser@EESERV.
LOCAL

default etypes for default_tkt_enctypes: 23.
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=144
>>> KrbKdcReq send: #bytes read=181
>>> KrbKdcReq send: #bytes read=181
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
         sTime is Tue Jul 05 16:28:31 CEST 2011 1309876111000
         suSec is 250145
         error code is 25
         error Message is Additional pre-authentication required
         realm is EESERV.LOCAL
         sname is krbtgt/EESERV.LOCAL
         eData provided.
         msgType is 30
>>>Pre-Authentication Data:
         PA-DATA type = 11
         PA-ETYPE-INFO etype = 23
         PA-ETYPE-INFO salt =
>>>Pre-Authentication Data:
         PA-DATA type = 19
         PA-ETYPE-INFO2 etype = 23
         PA-ETYPE-INFO2 salt = null
>>>Pre-Authentication Data:
         PA-DATA type = 2
         PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
         PA-DATA type = 16
>>>Pre-Authentication Data:
         PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
default etypes for default_tkt_enctypes: 23.
>>>KrbAsReq salt is EESERV.LOCALGP_Myuser
default etypes for default_tkt_enctypes: 23.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
 retries =3, #bytes=222
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt=1, #bytes=222
>>> KrbKdcReq send: #bytes read=1450
>>> KrbKdcReq send: #bytes read=1450
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply GP_Myuser
default etypes for default_tkt_enctypes: 23.
principal is [email protected]
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 3D F9 1C A6 3B 94 7B 27   B3
 6C D7 E5 70 77 84 22  =...;..'.l..pw."

Commit Succeeded

Found ticket for [email protected] to go to krbtgt/EESERV.LOCAL@EESER
V.LOCAL expiring on Wed Jul 06 02:28:32 CEST 2011
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000, number of
 retries =3, #bytes=1452
>>> KDCCommunication: kdc=atlnztdc01.eeserv.local UDP:88, timeout=30000,Attempt
=1, #bytes=1452
>>> KrbKdcReq send: #bytes read=1436
>>> KrbKdcReq send: #bytes read=1436
>>> KdcAccessibility: remove atlnztdc01.eeserv.local:88
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 512880730
Created InitSecContextToken:
0000: 01 00 6E 82 05 51 30 82   05 4D A0 03 02 01 05 A1  ..n..Q0..M......
0010: 03 02 01 0E A2 07 03 05   00 20 00 00 00 A3 82 04  ......... ......
0020: 6E 61 82 04 6A 30 82 04   66 A0 03 02 01 05 A1 0E  na..j0..f.......
0030: 1B 0C 45 45 53 45 52 56   2E 4C 4F 43 41 4C A2 24  ..EESERV.LOCAL.$
0040: 30 22 A0 03 02 01 00 A1   1B 30 19 1B 04 48 54 54  0".......0...HTT
0050: 50 1B 11 61 6C 66 2D 74   65 73 74 2E 65 6C 69 6E  P..alf-test.server
0060: 2E 63 6F 6D A3 82 04 27   30 82 04 23 A0 03 02 01  .com...'0..#....
0070: 17 A1 03 02 01 03 A2 82   04 15 04 82 04 11 C2 1E  ................
0080: 14 D0 18 19 AF 82 D3 92   7F 62 96 A9 92 F7 94 5B  .........b.....[
0090: FF CA FE 66 2F C8 A9 C6   36 A2 2E FF EB FB CA 3D  ...f/...6......=
00A0: 5D 5B 59 B5 0F E3 B7 B6   29 C2 62 A3 45 44 42 00  ][Y.....).b.EDB.
00B0: DA 14 3D 83 1E 50 3D AA   A9 9F 0C A6 49 4E F3 51  ..=..P=.....IN.Q
00C0: 67 68 14 A4 D3 49 E6 6F   1C 2C 7D 04 7B F2 6E BD  gh...I.o.,....n.
00D0: 23 07 DD CD 09 DC 89 62   73 0E 06 EE 68 28 39 A4  #......bs...h(9.
00E0: 22 3C 92 C0 22 C0 6B 0B   42 4B 95 B5 E5 AC 77 30  "<..".k.BK....w0
00F0: D8 75 A1 8D E8 FC A5 5A   D6 1D A8 5B D4 15 82 C5  .u.....Z...[....
0100: AE 1E 36 48 72 01 9B 3C   FA A9 60 20 1D 9A 84 20  ..6Hr..<..` ...
0110: 41 3F FA 71 A8 07 9C 50   73 FA 03 2B 8D 94 98 C8  A?.q...Ps..+....
0120: 57 A2 87 09 BF 87 26 62   2B 49 40 6A 67 C4 F1 00  W.....&b+I@jg...
0130: 66 55 D7 75 6D A6 2F 28   3C 68 86 1F 29 E1 7E 10  fU.um./(<h..)...
0140: CD 2B F0 78 A7 23 D9 18   8D 5D 98 F9 7D 00 11 78  .+.x.#...].....x
0150: 7B 5E D3 5E EA EE 74 82   B7 93 A4 DA 0E 3C 61 E6  .^.^..t......<a.
0160: B3 D5 5A F3 67 8C 03 4C   0E E6 42 96 8F E0 99 98  ..Z.g..L..B.....
0170: C2 A0 C6 D3 8F B4 A4 CA   99 C1 8A F0 6E 00 E0 BE  ............n...
0180: 95 7F 1F F5 E7 15 3D 0F   CD 22 51 D9 41 D0 5F 01  ......=.."Q.A._.
0190: 48 EB 47 64 B8 74 BC BE   76 0F AE 4B F4 E6 3A 1E  H.Gd.t..v..K..:.
01A0: 2A 62 85 FA 7E 07 E7 8D   60 EC B9 23 10 E3 1B 1E  *b......`..#....
01B0: C5 90 D2 25 BB C5 2C 05   A3 E2 39 D1 FF 70 CF E7  ...%..,...9..p..
01C0: D5 C6 13 E6 BC 60 55 89   C1 B9 FB 0F E4 5D E7 A5  .....`U......]..
01D0: 95 BA F9 70 EC 06 CB 62   E8 AD F3 29 BA 34 FF C2  ...p...b...).4..
01E0: 95 76 21 9B 0D 0B DE 66   05 0E EE 33 31 E7 BE 52  .v!....f...31..R
01F0: 64 DB 91 8B 55 96 5F E7   2D 2A EA E2 D3 BC 5F CD  d...U._.-*...._.
0200: 46 E5 45 A1 07 68 28 BF   1D 32 7D 04 C0 60 97 78  F.E..h(..2...`.x
0210: 4F 8E 4C 92 2B F1 B2 C3   9B 04 D9 43 02 7F A5 27  O.L.+......C...'
0220: A4 8E 48 EE 5E A9 3B 7E   7F C0 54 0D A5 75 D2 B3  ..H.^.;...T..u..
0230: FC 72 3A 80 F4 9A F1 34   7C 51 54 13 F7 9E FE 79  .r:....4.QT....y
0240: 8F 15 5A A7 9E 47 9B 36   10 33 F3 08 EA F2 33 BB  ..Z..G.6.3....3.
0250: 9F 45 61 ED 91 1F CF 30   05 76 C0 56 FB 38 51 25  .Ea....0.v.V.8Q%
0260: 27 1F 39 A5 C9 F9 0C D2   00 F2 6B E2 28 09 B2 30  '.9.......k.(..0
0270: A2 63 68 FE 46 A5 33 E0   60 BB B2 B5 DA 5A 78 2A  .ch.F.3.`....Zx*
0280: 37 FE 16 0D 8E E6 97 52   47 28 B2 D0 92 DB F3 CD  7......RG(......
0290: 9A 5F 98 16 4E C9 96 2C   00 7C FE 96 B0 DE CD 6D  ._..N..,.......m
02A0: 5A BC 13 1B E2 E7 F6 74   DE DC 2B B7 16 AB C0 0F  Z......t..+.....
02B0: BA 4C 08 C3 4F 25 3C 1A   9A E5 36 32 8E D9 C7 10  .L..O%<...62....
02C0: 62 F2 13 BB 62 B4 C5 F2   9D 69 DB 6C 0C 37 E1 AF  b...b....i.l.7..
02D0: F5 C6 D9 CD B5 F6 60 A2   93 DD 98 8C B2 59 C7 7A  ......`......Y.z
02E0: 50 4D 27 7B CC DA C9 28   9D 05 9C E8 FC 57 F8 4A  PM'....(.....W.J
02F0: 12 67 ED 7E 23 AB B5 FB   8A B7 CE 4D DA 1B 7F 1A  .g..#......M....
0300: B3 6F DF 42 9F C4 90 C9   35 D9 77 33 CD 6C C5 B5  .o.B....5.w3.l..
0310: C2 A8 15 8C AE BD AE 5F   0A 0A AB 7C 8C F8 E2 9F  ......._........
0320: 27 3C 27 85 B3 97 D9 9D   DA 6E 56 25 3B BA D5 FB  '<'......nV%;...
0330: AB 24 8B BE B7 26 12 7F   B6 25 E5 26 DE 8D 54 AA  .$...&...%.&..T.
0340: 0B 68 DB 4B 81 AD 9C FD   88 0F 7D 6A 97 79 E5 0F  .h.K.......j.y..
0350: 5B 82 43 6F 05 AE C0 EB   77 A6 E3 39 BE 85 6E F0  [.Co....w..9..n.
0360: B5 F5 0B 13 E7 CC 7B 1E   81 4F 37 77 BB 02 26 C2  .........O7w..&.
0370: D7 2C 80 CD 62 91 A7 0C   F8 D1 76 5C 21 39 A0 93  .,..b.....v\!9..
0380: 83 04 0A F7 1F C3 4B 0B   34 85 2D 90 75 4E FE 31  ......K.4.-.uN.1
0390: 61 BF D8 F3 36 B5 40 BA   06 F8 47 33 D4 DD EE 2A  [email protected]...*
03A0: 9C FB 5E 51 7A 25 F7 C1   3F 4D 58 73 F2 4A 50 EA  ..^Qz%..?MXs.JP.
03B0: 68 09 27 85 F3 2E BB EA   8E B4 D3 7C DC 3B 52 71  h.'..........;Rq
03C0: 87 34 1B 6F 80 D1 D2 F1   7D C3 9E C4 C3 79 8A A7  .4.o.........y..
03D0: DA 0B A2 69 7C DE D5 67   C7 20 AD 97 A2 98 6A E3  ...i...g. ....j.
03E0: A3 59 BD D2 B6 19 18 1D   AB A7 58 3A 56 16 ED 2A  .Y........X:V..*
03F0: 75 73 4E DB 02 B5 77 4B   F5 9D 1D A4 36 ED 39 26  usN...wK....6.9&
0400: B8 A4 CD 7C 79 5E 11 3C   36 9D DA DA E7 F5 D2 9F  ....y^.<6.......
0410: BA 4B 45 E0 67 E5 4F 33   9E 0B 60 E6 76 EB 02 AC  .KE.g.O3..`.v...
0420: CC 24 C4 EB 37 C4 31 B7   EA F3 EA 5B 39 D6 E3 0A  .$..7.1....[9...
0430: DC F8 DE 8B 18 8C E0 25   5C 4B 85 38 B0 99 04 9C  .......%\K.8....
0440: 61 75 17 E3 E6 0C 88 D9   7B C4 9A 2D 25 B3 C1 FE  au.........-%...
0450: 9F FD 12 4F E0 DF CF E6   C1 BA 68 00 32 E8 1F 9A  ...O......h.2...
0460: 2F 0E FB 44 59 53 8B 43   C5 B6 24 D3 76 B4 04 D2  /..DYS.C..$.v...
0470: 39 A9 21 41 EC A3 78 D1   9B 07 64 10 5B 64 EB 18  9.!A..x...d.[d..
0480: 08 5B 2C 45 90 53 C9 90   A0 4C 15 AF 8A D4 80 A4  .[,E.S...L......
0490: 81 C5 30 81 C2 A0 03 02   01 17 A2 81 BA 04 81 B7  ..0.............
04A0: CB D6 6F 4E E7 6C 78 93   EF 6D EA 0C C8 A9 6B 37  ..oN.lx..m....k7
04B0: EB 0E 9C C5 86 9E E6 BA   0D 88 26 BA FE A8 83 86  ..........&.....
04C0: D4 06 52 50 AF 48 BC 8F   66 08 F1 1E A4 97 5E 05  ..RP.H..f.....^.
04D0: 24 B4 DC 44 94 F3 5D 3D   07 17 10 33 15 D8 E0 0C  $..D..]=...3....
04E0: E8 E8 0F 70 E6 23 B3 FF   D5 23 63 02 A4 6B 86 C9  ...p.#...#c..k..
04F0: 88 96 FA 8B 02 3C E6 C6   19 7E 86 58 D5 07 80 8F  .....<.....X....
0500: 21 10 7A F8 2D E2 C0 AE   33 19 A3 87 8F 18 03 A0  !.z.-...3.......
0510: 22 13 37 66 D5 CA 02 02   E9 51 87 D5 E5 7D 3E 84  ".7f.....Q....>.
0520: 6E 62 4A 0B 04 8D CF 79   07 DE 69 3B 49 95 B1 80  nbJ....y..i;I...
0530: F4 9A 86 62 8D BD F4 DA   FB BC 69 97 9A 8D DE 92  ...b......i.....
0540: 0E 8A 65 E7 7C 62 E1 3D   E6 93 AD 6F 0A 53 00 B0  ..e..b.=...o.S..
0550: 2F E7 09 A6 1B 01 72                               /.....r

05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when proces
sing request: The target server failed to respond
05.07.2011 16:28:33 org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: Retrying request
----------------------------------------
HTTP/1.1 401 Unauthorized
----------------------------------------
<html><head>
<meta http-equiv="Refresh" content="0; url=/share/page?pt=login">
</head><body><p>Please <a href="/share/page?pt=login">log in</a>.</p>
</body></html>

----------------------------------------

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

空城之時有危險 2024-11-25 11:29:10

您的 Kerberos 配置可能完全没问题。 401 消息意味着身份验证本身可能进展顺利。但是,我怀疑网络应用程序仅允许用户分配角色。 SPNego 机制不会立即分配此类角色。您仍然需要配置执行映射的领域。

另请参阅我在 Tomcat 用户邮件列表上的问题。
https://mail- archives.apache.org/mod_mbox/tomcat-users/201210.mbox/%[电子邮件受保护]%3E

Your Kerberos configuration might be completely fine. The 401 messsage means that the authentication itself probably went fine. However, i suspect the webapp only allows users if they are assigned a Role. The SPNego mechanism does not assign such role out-of-the-box. You still need to configure a Realm that performs the mapping.

See also my question on the Tomcat users mailing list.
https://mail-archives.apache.org/mod_mbox/tomcat-users/201210.mbox/%[email protected]%3E

じее 2024-11-25 11:29:10

您在服务器端使用什么库?您是否启用了调试标志来查看服务器处理服务票证时会发生什么情况?

What library do you use on the server side? Did you enable debug flags to see what happens when the server processes the service ticket?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文