directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSTUDIO-1066) Apache Directory Studio GSSAPI (Kerberos) Error
Date Wed, 22 Jul 2015 09:56:05 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14636622#comment-14636622
] 

Emmanuel Lecharny commented on DIRSTUDIO-1066:
----------------------------------------------

Java 5/6/7/8 support AES 128/256, but for AES 256, you must install the JCE framework :

https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#importlimits

Anyway, please switch to Java 8. Java 6 is EOL for 3 years now, and Java 7 is also EOL for
months.

> Apache Directory Studio GSSAPI (Kerberos) Error
> -----------------------------------------------
>
>                 Key: DIRSTUDIO-1066
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1066
>             Project: Directory Studio
>          Issue Type: Question
>    Affects Versions: 2.0.0-M8 (2.0.0.v20130628)
>         Environment: Windows Server 2008 R2 Enterprise, Java version: 1.6.0_24,
>            Reporter: Csaba Cserba
>              Labels: Kerberos, LDAP
>         Attachments: Apache DS.png, Apache DS1.png
>
>
> I would like to ask from all of you, that what should be the solution for my error message.
It is about, when I check the authentication with the server and the settings are set to:
Use native TGT in Kerberos settings.
> The authentication parameters: Bind DN or user: admin (which is in domain) Bind password:
is my password.
> The error message is:
> The authentication failed. - java.security.PrivilegedActionException:
> org.apace.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed 
> [Caused by GSSException: No valid credentials provided 
>     (Mechanism level: Illegal key size)]
> When I click on more details:
> The authentication failed
>  - java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Illegal key size)]
>   org.apache.directory.api.ldap.model.exception.LdapException: java.security.PrivilegedActionException:
org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException:
GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level:
Illegal key size)]
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1535)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1421)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:447)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
>     at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
>     at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:122)
>     at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> Caused by: java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Illegal key size)]
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Unknown Source)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1525)
>     ... 8 more
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException:
GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level:
Illegal key size)]
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3898)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.access$200(LdapNetworkConnection.java:178)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection$2.run(LdapNetworkConnection.java:1529)
>     ... 11 more
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
No valid credentials provided (Mechanism level: Illegal key size)]
>     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3808)
>     ... 13 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: Illegal key
size)
>     at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
>     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
>     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
>     ... 15 more
> Caused by: KrbException: Illegal key size
>     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown Source)
>     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown Source)
>     at sun.security.krb5.EncryptedData.<init>(Unknown Source)
>     at sun.security.krb5.KrbApReq.createMessage(Unknown Source)
>     at sun.security.krb5.KrbApReq.init(Unknown Source)
>     at sun.security.krb5.KrbApReq.<init>(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.createRequest(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
>     at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
>     at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
>     at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
>     ... 18 more
> Caused by: java.security.InvalidKeyException: Illegal key size
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.init(DashoA13*..)
>     at javax.crypto.Cipher.init(DashoA13*..)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.getCipher(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.DkCrypto.dr(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.DkCrypto.dk(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encryptCTS(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encrypt(Unknown Source)
>     at sun.security.krb5.internal.crypto.Aes256.encrypt(Unknown Source)
>     ... 30 more
>   java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Illegal key size)]
> Thanks for all your kind help.
> P.S.: My set up is Kerberos Real: My domain KDC Host: My domain KDC Port: 88
> The Network parameter:
> Name: Enterprise Hostname: my domain Port 389 Encryption: No encryption
> Provider apache directory LDAP Client Api



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message