Help getting authentication=

Greetings,
I could use some help with getting tomcat 5.5.12 to use Kerberos against Microsoft Active Directory.
I have been using Ethereal to sniff the packets going back and forth from tomcat and I verified that with a normal server.xml entry (remove the authentication attribute keyword below), it uses 'simple' authentication (clear text passwords).
My original server.xml works just fine but now I'm trying to take it to the next level, and I found documentation (jdk-1_5_0-doc.zip\docs\guide\jndi\jndi-ldap.html) that specifies the following values:
- EXTERNAL (RFC 2222). This mechanism obtains authentication information from an external source (such as SSL/TLS or IPsec).
- DIGEST-MD5 (RFC 2831) is for Digest Authentication.
- GSSAPI (RFC 2222) is for Kerberos V5 authentication.
I wish to use GSSAPI to talk with Active Directory so I set up my server.xml with the following:
<Realm className="org.apache.catalina.realm.JNDIRealm"
     debug="4"
     authentication="GSSAPI"
     connectionName="CN=Klotz\, Dennis,OU=myou,DC=company,DC=com"
     connectionPassword="myPassword"
     connectionURL="ldap://10.16.0.xx:389"
     alternateURL="ldap://10.16.0.xx:389"
     userBase="OU= myou,DC=company,DC=com"
     userSearch="(sAMAccountName={0})"
     userSubtree="true"
     userRoleName="memberOf"
/>
And now I get a different type of error from Catalina.out:
Oct 28, 2005 2:28:47 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:133)
.....
At least the GSSAPI is being recognized! My next step was talking with IT; they suggested a c:\winnt\krb5.ini with the following contents:
[libdefaults]
default_realm = COMPANY.COM
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realms]
COMPANY.COM = {
kdc = addy.mycompany.com:88
admin_server = addy.mycompany.com:88
kpasswd_server = addy.mycompany.com:464
default_domain = COMPANY.COM
}
And that I then execute:
$ kinit DKlotz
Password for [email protected]:mypassword
New ticket is stored in cache file C:\Documents and Settings\DKlotz\krb5cc_dklotz
But as you can see from the previous tomcat error log, something is still missing. Do I need to move the cache file or do other commands so that the code within ldap.jar can use it?
At this time tomcat never tries connecting to the LDAP server as it can't get out of the starting gate. I've got something wrong / missing from the Kerberos setup.
Any help is greatly appreciated!!
-Dennis Klotz

Ok I've made progress, whether it is backwards or not, I don't know yet.
I've added:
-Djavax.security.auth.useSubjectCredsOnly=false
To my Catalina options environment variable in Catalina.bat.
Now I get the error:
WARNING: Exception performing authentication
java.lang.SecurityException: Unable to locate a login configuration
     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
     at java.lang.Class.newInstance0(Class.java:350)
     at java.lang.Class.newInstance(Class.java:303)
     at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
     at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
     at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
     at sun.security.jgss.LoginUtility.login(LoginUtility.java:72)
     at sun.security.jgss.krb5.Krb5Util.getTicketFromSubject(Krb5Util.java:137)
     at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:331)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.security.jgss.krb5.Krb5InitCredential.getTgtFromSubject(Krb5InitCredential.java:328)
     at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:131)
     at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:72)
     at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
     at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
     at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
     at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
     at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:155)
     at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
     at javax.naming.InitialContext.init(InitialContext.java:223)
     at javax.naming.InitialContext.<init>(InitialContext.java:197)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1515)
     at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1601)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1004)
     at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
     at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
     at org.apache.catalina.core.StandardService.start(StandardService.java:450)
     at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
     at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
Caused by: java.io.IOException: Unable to locate a login configuration
     at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
     ... 56 more
Am I moving in the right direction?
-Dennis
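
The second error above is raised when JGSS, allowed by useSubjectCredsOnly=false to log in by itself, finds no JAAS login configuration to use. The following stand-alone Java check is an added example (not code from the original post or from Tomcat) that supplies such a configuration in memory and attempts the same GSSAPI bind outside Tomcat; the class name GssapiBindCheck and its command-line arguments are assumptions.

```java
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/** Hypothetical stand-alone check: GSSAPI (Kerberos) LDAP bind outside Tomcat. */
public class GssapiBindCheck {

    /**
     * In-memory equivalent of this login configuration file entry, which a JVM
     * would otherwise load via -Djava.security.auth.login.config=<file>:
     *
     *   com.sun.security.jgss.initiate {
     *     com.sun.security.auth.module.Krb5LoginModule required
     *       useTicketCache=true doNotPrompt=true;
     *   };
     */
    static Configuration ticketCacheConfig(String ticketCache) {
        Map<String, String> opts = new HashMap<String, String>();
        opts.put("useTicketCache", "true"); // reuse the TGT that kinit stored
        opts.put("doNotPrompt", "true");    // fail instead of asking for a password
        opts.put("debug", "true");          // print what the login module tries
        if (ticketCache != null) {
            // Default is {user.home}/krb5cc_{user.name} of the account running the JVM.
            opts.put("ticketCache", ticketCache);
        }
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                    LoginModuleControlFlag.REQUIRED, opts)
        };
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // JDK 5 asks for the first name; later JDKs try the krb5-specific one first.
                boolean initiator = "com.sun.security.jgss.initiate".equals(name)
                        || "com.sun.security.jgss.krb5.initiate".equals(name);
                return initiator ? entries : null;
            }
            public void refresh() { /* nothing to reload */ }
        };
    }

    public static void main(String[] args) throws NamingException {
        if (args.length < 1) {
            System.err.println("usage: GssapiBindCheck ldap://<dc-host>:389 [ticket-cache-file]");
            System.exit(2);
        }
        // Let JGSS obtain the Kerberos credentials itself through JAAS.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        Configuration.setConfiguration(ticketCacheConfig(args.length > 1 ? args[1] : null));

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); // same value as the Realm attribute
        DirContext ctx = new InitialDirContext(env);        // performs the SASL bind
        ctx.close();
        System.out.println("GSSAPI bind succeeded");
    }
}
```

Run it as the same OS account that runs Tomcat, because the default ticket cache is per user; pass -Djava.security.krb5.conf=<path> if krb5.ini is not in one of the JVM's default locations.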

Similar Messages

  • How to get authentication header in Salesforce

    Hi,
    How can I get authentication header of Eloqua using Salesforce?
    I am forming the request as given in the below link.
    http://topliners.eloqua.com/community/code_it/blog/2012/09/21/eloqua-rest-api--authenticating
    Syntax: siteName + '\' + username + ':' + password
    Example: COMPANYX\user1:password123
    Do I need to use Salesforce session id to get the authentication header?

    Hi Arjun,
    The format you're using looks right, but it should also be base-64 encoded when included in the header.
    The following header example uses basic authentication and base-64 encoded credentials :
    Authorization: Basic Q09NUEFOWVhcdXNlcjE6cGFzc3dvcmQxMjM=
    Hope this helps.
    Thanks,
    Freds

  • Why can't I sign into the YouTube app. I just get authentication error

    Why can't I sign into the YouTube app. I just get authentication error

    No, it isn't an issue with the YouTube account - I have no problem signing in to YouTube. I can even sign into the Google YouTube app. What I cannot sign into is the Apple YouTube app - the one linked to by Safari when you click on a YouTube video. Please help me solve this problem as your current answer isn't helpful, thanks

  • How can I get authentication and authorization through OS X open directory with the Sun ZFS STOR ZS3-2

    how can I get authentication and authorization through OS X open directory with the Sun ZFS STOR ZS3-2
    I have configured NFS, I need help configuring the share that I created in the Sun ZFS STOR ZS3-2 to connect with the OS X Open Directory

    Hi,
    You may try checking the help page for LDAP configuration:
    https://<Appliance_IP>:215/wiki/index.php/Configuration:Services:LDAP
    ZFS Storage supports LDAP, NIS, AD as directory service.
    Hope Open Directory is also based on LDAP and may work in similar fashion.
    Thanks
    Nitin

  • Getting Authentication Prompt in SharePoint 2013

    Hi,
    I am randomly getting authentication prompts in SharePoint 2013 when performing a search. Please assist me with what is causing this and how to resolve it.
    I am using IE 8 (32 bit).
    Please guide me on this.
    Thanks in advance

    Hi,
    Try the URLs below; they might help you
    http://www.sharepointdiary.com/2012/04/sharepoint-keeps-asking-for-password.html
    http://blogs.c5insight.com/Home/tabid/40/entryid/245/Tips-to-Avoid-Login-Prompts-in-SharePoint.aspx
    Regards
    PT

  • Help getting mail for exchange to work against a S...

    We are trying to set up mail for exchange on a Nokia E66 phone, but we can't get it to connect.
    I have followed this guide:
    http://europe.nokia.com/support/product-support/nokia-e66/email/mail-for-exchange
    But on picture 15 and 16 I am unsure what to put in.
    When we connect to OMA from external we are using:
    https://publicip/oma - this works, and we get authenticating box.
    Also we can use https://publicip/exchange - this also works.
    Could anyone help me here?
    Best Regards
    SoftwareCon

    Hi,
    The Server Name should be "mail.domainname.co.uk". I'm not telling you to drop the .com/co.uk from the Server Name! Just drop the '/exchange' from the Server Name.
    Try accessing this via IE. I mean the whole qualified name "http://mail.domainname.co.uk/exchange". It should prompt u for a User ID and Password. Then try logging in by prefixing the User ID with the domainname\UserID and then a valid password.
    What is the domain name that you require? Keep this as the Domain name in the MFE.
    E.g You logged in as hello-dom\robstoves and then a valid password, then the Domain Name in MFE would be simply "hello-dom"
    Hope this hasn't confused u even further
    Give it a try.
    //Saquib

  • Help get my speed back to what it was.

    Hi
    Last month the mods reset my profile as due to a series of power cuts etc my speed had dropped. At the time my speed was about 1.5M but after help from the mods it was back up to about 3M and has been like that since. However, today my speed seems to have dropped again even though router has been up continuously for 9 days. Can someone help get my line back to its top speed? Thanks
    For info here are my current stats..

    Just to add to my own post, here are the router logs from this morning, which I guess is when my line dropped, and when it came back up the speed had dropped.
    Why did the link go down and why when it came back up had my speed dropped by a meg?
    Thanks
    Jun 4 07:09:01 daemon crit kernel: Line 0: ADSL link down
    Jun 4 07:09:01 daemon warn kernel: bcmxtmcfg: XTM Link Information, port = 0, State = DOWN, Service Support = ATM
    Jun 4 07:09:01 daemon warn kernel: bcmxtmrt: DSD(8a5f4d9c) - 128
    Jun 4 07:09:01 daemon warn kernel: HOST XTM tx ch 0 disabled.
    Jun 4 07:09:01 daemon warn kernel: bcmxtmcfg: Connection DOWN, LinkActiveStatus=0x0
    Jun 4 07:09:03 daemon crit kernel: Line 0: xDSL G.994 training
    Jun 4 07:09:06 daemon notice syslog: pppd:Terminating on signal 20.
    Jun 4 07:09:06 daemon crit syslog: Clear IP addresses. PPP connection DOWN.
    Jun 4 07:09:06 daemon crit syslog: Clear IP addresses. Connection DOWN.
    Jun 4 07:09:12 daemon crit kernel: Line 0: ADSL G.992 started
    Jun 4 07:09:19 daemon crit kernel: Line 0: ADSL G.992 channel analysis
    Jun 4 07:09:25 daemon crit kernel: Line 0: ADSL G.992 message exchange
    Jun 4 07:09:26 daemon crit kernel: Line 0: ADSL link up, Bearer 0, us=712, ds=1831
    Jun 4 07:09:26 daemon warn kernel: bcmxtmcfg: XTM Link Information, port = 0, State = UP, Service Support = ATM
    Jun 4 07:09:26 daemon warn kernel: bcmxtmrt: MAC address: 00 04 ed fd 14 c9
    Jun 4 07:09:26 daemon warn kernel: [DoCreateDeviceReq.3244]: register_netdev
    Jun 4 07:09:26 daemon warn kernel: [DoCreateDeviceReq.3246]: register_netdev done
    Jun 4 07:09:26 daemon warn kernel: [FAP0] xtmCreateDevice : devId 0, encapType 1, headerLen 0
    Jun 4 07:09:26 daemon warn kernel: bcmxtmrt: DSD(891855dc) - 128
    Jun 4 07:09:26 daemon warn kernel: XTM Init: 400 tx BDs at 0xaa7a0000
    Jun 4 07:09:26 daemon warn kernel: bcmxtmcfg: Connection UP, LinkActiveStatus=0x1, US=712000, DS=1831000
    Jun 4 07:09:26 daemon warn kernel: [FAP0] xtmLinkUp : devId 0, matchId 0
    Jun 4 07:09:26 daemon notice syslog: pppd:cms logging initialized.
    Jun 4 07:09:26 daemon notice syslog: pppdPPoATM setdevname_pppoatm
    Jun 4 07:09:26 daemon notice syslog: pppdPPoATM setdevname_pppoatm - SUCCESS
    Jun 4 07:09:26 daemon notice syslog: pppd 2.4.1 started by admin, uid 0
    Jun 4 07:09:26 daemon notice syslog: PPP: Start to connect ...
    Jun 4 07:09:27 daemon warn kernel: netdev path : pppoa0
    Jun 4 07:09:27 daemon info kernel: -> atm0
    Jun 4 07:09:27 daemon notice syslog: pppd:Using interface pppoa0
    Jun 4 07:09:27 daemon notice syslog: pppd:Connect: pppoa0 <-->
    Jun 4 07:09:36 daemon notice syslog: pppd:LCP: timeout sending Config-Requests
    Jun 4 07:09:36 daemon notice syslog: pppd:Connection terminated.
    Jun 4 07:09:39 daemon notice syslog: PPP: Start to connect ...
    Jun 4 07:09:39 daemon warn kernel: netdev path : pppoa0
    Jun 4 07:09:39 daemon info kernel: -> atm0
    Jun 4 07:09:39 daemon notice syslog: pppd:Using interface pppoa0
    Jun 4 07:09:39 daemon notice syslog: pppd:Connect: pppoa0 <-->
    Jun 4 07:09:43 daemon crit syslog: PPP LCP UP.
    Jun 4 07:09:43 daemon notice syslog: pppd:Warning - secret file /etc/ppp/chap-secrets has world and/or group access
    Jun 4 07:09:43 daemon notice syslog: pppd:No CHAP secret found for authenticating us to bras-red9.sl
    Jun 4 07:09:43 daemon notice syslog: pppd:Remote message: CHAP authentication success, unit 16981
    Jun 4 07:09:43 daemon notice syslog: pppd:local IP address 86.182.11.60
    Jun 4 07:09:43 daemon notice syslog: pppd:remote IP address 217.32.147.104
    Jun 4 07:09:43 daemon notice syslog: pppd:primary DNS address 213.120.234.58
    Jun 4 07:09:43 daemon notice syslog: pppd:secondary DNS address 213.120.234.26
    Jun 4 07:09:43 daemon crit syslog: Received valid IP address from server. Connection UP.

  • TS1538 i need help because i need help getting my ipod touch to connect to windows vista and

    I need help getting my iPod touch to connect to Windows because it keeps saying USB device not recognized and I tried restarting the settings!

    Have you tried here:
    iOS: Device not recognized in iTunes for Windows

  • My camera Canon G3 (I know it's old) no longer connects to iPhoto (8.1.2) on my iMac, I have checked with my friend's iMac same model iPhoto version and it works fine using my cable, I would appreciate any help getting this sorted

    My camera Canon G3 (I know it's old) no longer connects to iPhoto (8.1.2) on my iMac, I have checked with my friend's iMac same model iPhoto version and it works fine using my cable, I would appreciate any help getting this sorted

    As a Test:
    Hold down the option (or alt) key and launch iPhoto. From the resulting menu select 'Create Library'
    Import a few pics into this new, blank library. Is the Problem repeated there?

  • HT203167 I look at my history of purchases including my songs and ringtones from iTunes. They are all there but my ringtones say I have to purchase them again in order to put them on my new iPhone that I just purchased from Rogers. I need help getting my

    I'm trying to get my ringtones that i purchased on my old iPhone onto my new one that I just got. They r in my history and when I click on them it says you have already purchased them, would you like to buy them again in order to download them. I did it with one already and I now need help so I don't have to buy them again. Can u help get them back please

    Ringtones are currently a one-time only download from the store. If you don't have them on your computer nor on a backup then you can try contacting iTunes support and see if they will grant you a re-download : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

  • I need help getting itunes on my new computer. old one crashed

    My old computer crashed, I downloaded iTunes on my new computer and need help getting all of my stuff on it that I had. I did 'home share' to see if that worked, and it didn't.
    Also, on my old computer, when I synced my iPad & my husband's iPod, it didn't sync any music or podcasts, no videos - and I went through each category separately to sync it and it didn't work. So I can't sync my devices to the new iTunes bc not everything is on there that I have purchased.

    It has always been very basic to always maintain a backup copy of your computer for just this occasion. Use your backup copy to put everything on the new computer.
    If for some reason you have failed to maintain a backup, not good, then you can redownload some itunes purchases in some countries:
    Downloading past purchases from the App Store, iBookstore, and iTunes Store

  • TS4268 I need help getting my face time and imessage to work.

    I need help getting my FaceTime and iMessage to work. It is saying waiting for activation. I just got my iPhone 5 2 days ago. I have reset it from the phone and from iTunes on the computer, made sure I'm attached to wifi.

    The 3 basic troubleshooting steps are these in order: 1. Restart your iphone  2.  Reset your settings/iphone  3.  Restore your iphone.  Since your iphone is only a couple of days old, you should backup your device before restoring.  If you don't have anything on your iphone that you care to lose, then simply restoring without a backup is fine.  A quick reset of pressing the sleep/wake button (top of iphone) and your home button simultaneously and holding it until the silver Apple logo appears. 

  • I need help getting my OS X Mavericks download to work and start downloading but it won't work

    I need help getting my OS X Mavericks download to work and start downloading but it won't work

    Contact http://www.apple.com/support/mac/app-store/contact/. They're responsible for getting this abysmal delivery system to work.

  • I need help getting my os x mountain lion to work for my pro tools

    I need help getting my os x mountain lion to work for my pro tools

    Since you provide no details I can do nothing but guess, so perhaps this will help:
    http://avid.force.com/pkb/articles/en_US/how_to/Upgrading-to-Mac-OS-10-8?popup=true&NewLang=en&DocType=1080
    http://avid.force.com/pkb/articles/en_US/compatibility/Avid-Software-and-Mac-OS-X-10-8?popup=true&NewLang=en&DocType=1083
    If you continue to have problems, you probably should contact Avid support.
    Regards.

  • I need help getting my printer to work

    I need help getting my printer to work

    http://h30434.www3.hp.com/t5/Printer-Networking-and-Wireless/Want-Good-Answers-Ask-Good-Questions/td...
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP
