Since I do pay for enterprise forum support I might as well use it.
So I got SSO working on my test server and then thought I was ready to
go on my new server. I used setspn on Active Directory to delete
existing SPN bindings for the user and then created a new keytab. I
have already done this with the test server and recreated the keytab
and it worked fine. Now when I add the SSO stuff to my live server it
doesn’t work. The client
does have this error though in the warn.log file and it doesn’t mean
much to me:
Mar 16, 2008 10:18:57 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
not-authorized(401)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:94)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)
at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)
at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)
at java.lang.Thread.run(Unknown Source)
The only differences are my test server is 3.4.5 and my live server is
3.3.1. Also my live server has 3 valid DNS names and when I do an nslookup it lists my chat name as 2nd; not sure if that makes a difference. If you would like to see my openfire.xml just let me know.
Help is much appreciated. This is now what I am seeing in my Openfire logs:
2008.03.16 23:26:52 SaslException
javax.security.sasl.SaslException:
Failure to initialize security context [Caused by GSSException: No
valid credentials provided (Mechanism level: Attempt to obtain new
ACCEPT credentials failed!)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:95)
at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslServer(FactoryImpl.java:67)
at javax.security.sasl.Sasl.createSaslServer(Sasl.java:491)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:220)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:141)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:132)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:62)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:200)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:266)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:326)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:384)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:78)
… 19 more
Caused by: javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:246)
at sun.security.jgss.krb5.Krb5Util.getKeys(Krb5Util.java:185)
at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Krb5AcceptCredential.java:82)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:79)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:79)
… 25 more
Caused by: KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
javax.security.sasl.SaslException: Failure to initialize security
context [Caused by GSSException: No valid credentials provided
(Mechanism level: Attempt to obtain new ACCEPT credentials failed!)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:95)
at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslServer(FactoryImpl.java:67)
at javax.security.sasl.Sasl.createSaslServer(Sasl.java:491)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:220)
I am using this thread http://www.igniterealtime.org/community/docs/DOC-1060
user-roster-edit.patch (738 Bytes)