powered by Jive Software

Kerberos based login using smack library with GSSAPI failing due to GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)

I am trying to login to our company jabber server using kerberos based login, e.g.

ConnectionConfiguration config = new ConnectionConfiguration(“jabber”, 5222);
config.setSASLAuthenticationEnabled(true);
config.setDebuggerEnabled(true);
config.setReconnectionAllowed(true);

XMPPConnection connection = new XMPPConnection(config);
connection.getSASLAuthentication().registerSASLMechanism(“GSSAPI”,SASLGSSAPIMec hanism.class);
connection.connect();
connection.login(“shahbhat”, “”, “Smacktest”);

With gss.conf of

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true useTicketCache=true;
};

But I am getting

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:1 33)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.jav a:72)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:60)
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:37)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.jav a:155)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:118)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 308)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395)
at Driver.main(Driver.java:49)
Exception in thread “main” SASL authentication failed:
– caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:125)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 308)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395)
at Driver.main(Driver.java:49)
Nested Exception:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.jav a:174)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:118)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 308)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395)
at Driver.main(Driver.java:49)
Caused by: GSSException: No valid credentials provided
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:69)
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:37)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.jav a:155)

Any idea how to fix this error, thanks.

More details are needed:

  • What OS is this running on?

  • Do you have a gss.conf, and if so what is in it?

I posted gss.conf in my original message, but here it’s again:

With gss.conf of

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true useTicketCache=true;
};

I am testing on MacOS, but would need this feature on Windows and Linux as well. Thanks.