Okay, more headway, but still no luck. I installed Spark on the Openfire server and set the reg key so I can make attempts more easilly. I have also figgured out how to successfully create a ktab keytab file. Using ktpass with the “-pass *” option changes the password in AD to something java won’t ever authenticate against. Regardless, using ktab or ktpass both produces usable keytab files for me.
Now my problem is with Openfire using the keytab. When I try to use SSO, the following shows up in the console of Openfire…
Closing connection due to error while processing message: <auth mechanism=“GSSAPI” xmlns=“urn:ietf:params:xml:ns:xmpp-sasl”>YIIFIAYJKoZIhvcSAQICAQBuggUPMIIFC6A DAgEFoQMCAQ6iBwMFAAAAAACjggQzYYIELzCCBCugAwIBBaERGw9DT1JQLlpBTlRBWi5DT02iLTAroAM CAQChJDAiGwR4bXBwGxpwbGUtamFiYmVyLmNvcnAuemFudGF6LmNvbaOCAAwggPcoAMCARehAwIBA6KCA84EggPKGvS35aRUPyzGpIKnjAJlqxBgxL5srDZbQzx8UD8R7CxpRfgbLWn/KaSFcSQDvL7guH4R/Deqj76u5LY11j0D4WkC/qQ12LqAr8Vg1zMx6nyr2eK9WOdySG8G0VvAT2LlLC2S/6dWtDfCzgKy2/WUMVtJ7M5URT7BD SfCaeVhcXo6hOMGgWnb8vOqXHPEY2VdIdcpbcT2EwJ8TOwfa66cxoKroXtq9kynzHJAL/n/HUXdzOUapPNQhftSrXplCK7hK3IDn4CW8pHbPr vSbIPw6Ck4N/y/vTSGwCgRAYvhQKdA30Ds8i0Y90QgY3fLgQbnQHOD9KmEyvY4ypuLYCZAWwjSwYGtdF Tza6Yq0jH9InWuwdCyovYF3c16CWGDlu4jiGkuT5gYjWzWgFLXyrsDwvUWYN7HFu/YdCwNQl5M/Yk9NAplfyTd18T4nTpDFenqthH/4UqYX/FAalQazZRhG5jiovdIvhZwxetmQsFHtEkpVBb/Ym9dPFk9aIxRFgmRSw5MICW91Ns7uh2xuPnBeEh3DkM8UIvwTuwrIjFMKwhIKtTOPzPErvEmcZIAjqoB7t72Rqk25gUdpfNtIgsoPn AsOhLPzPYtjTxkjntr3l6YWwqXtCm2XdszFwVr1A5E94fe24Bx/B1lj9OE2OuennF0LO8bB6uYXNXFCH 8QuBbzI2s6MidGhkg01Gk4l1uRtsC3LpJgaTDjReDKjQxMKHptSLx5DjlABP9HPFefIt3Vxa9yJEBO0yiYxw5teO2Ju0Mohp9YL9 kFxV0If24j6sfvYHZ9s0ApqizzU41WwoGeWy3Zvzx4eqAzQPcs1FSYSgrQCbn8Wiz9DWGOQySg04iFLv 6c2kYLN4YpFblZAoI1SkhPcsLXcKTm1gd8UyU3HuSZwfewbwaGOvY6mwwyIKnSNTxlrHkzESilil5rrZ5FQClWE qdTrRqYvcjbs8URZkRWHK3XT3JGHBEAnNY7HRhgS02pRy1uW5SiUh4PgkgMesdAbUFaKBkwuphYzf1Lu klNKjzyg/ucwpOY2dXASPAdIPoVfppr9tgqZzHD0Q/RpTMdfUbM/DwsrdBJs9X0n/E4N0owPjUO9rqiIkcJSc3ue17QZ8jR1j8FtImxUv2pVqCrNIOMej9jetXCsI23gxwUAbI29xSiLNumO1Ymkwp9JoI0f2/8y5kYpW/eFtv02JZL0pfZxtRECfSDUccu2UxWnz88CNWFnTUyj045BgU3xj2JOGPdvSqanoODav2Rw0OXfotOMq0Wbg9IYyaSBvjCBu6ADAgEDooGzBIGwBerex0AVlwqteuPrgMqstA74gibo9iq 71E72RTjo3bCx5w7oYbTl1TRno34/5V/pZij0QEWHqAwaILmNZfYFlDyS3GvYXoHmmR7KOXI7MKp2HpwENb3UjJzJkwchNKNBRGN2fMOtanGxkfvmsaljTiclm6A/jXzHiahBecaOtBA7 WSXoGKRxk55gV1AGRxdAQnoXvUl/TTjR7dakgDQfN47Sfmao7EhZKmglvo2x4=</auth>
java.lang.SecurityException: Configuration Error:
Line 0: expected , found
at com.sun.security.auth.login.ConfigFile.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)
at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.LoginConfigImpl.<init>(Unknown Source)
at sun.security.jgss.GSSUtil.login(Unknown Source)
at sun.security.jgss.krb5.Krb5Util.getKeys(Unknown Source)
at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Unknown Source)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)
at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)
at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(Unknown Source)
at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslServer(Unknown Source)
at javax.security.sasl.Sasl.createSaslServer(Unknown Source)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :213)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:148)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:133)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:180)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: Configuration Error:
Line 0: expected , found
at com.sun.security.auth.login.ConfigFile.match(Unknown Source)
at com.sun.security.auth.login.ConfigFile.parseLoginEntry(Unknown Source)
at com.sun.security.auth.login.ConfigFile.readConfig(Unknown Source)
at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
… 49 more
I have zipped up all my current configs and new logs in hopes that someone can help me figure this out. I know I have got to be sooo close!
Thanks!
-A
aklino-20080612.zip (10798 Bytes)