Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Date: Wed, 22 Jul 2015 08:57:04 +0000 (UTC)
From: "Csaba Cserba (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: <JIRA.12846519.1437485187000.254080.1437555424759@Atlassian.JIRA>
In-Reply-To: <JIRA.12846519.1437485187000@Atlassian.JIRA>
References: <JIRA.12846519.1437485187000@Atlassian.JIRA>
 <JIRA.12846519.1437485187219@arcas>
Subject: [jira] [Updated] (DIRSTUDIO-1066) Apache Directory Studio GSSAPI
 (Kerberos) Error
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


     [ https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Csaba Cserba updated DIRSTUDIO-1066:
------------------------------------
    Attachment: Apache DS1.png
                Apache DS.png

> Apache Directory Studio GSSAPI (Kerberos) Error
> -----------------------------------------------
>
>                 Key: DIRSTUDIO-1066
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1066
>             Project: Directory Studio
>          Issue Type: Question
>    Affects Versions: 2.0.0-M8 (2.0.0.v20130628)
>         Environment: Windows Server 2008 R2 Enterprise, Java version: 1.6.0_24,
>            Reporter: Csaba Cserba
>              Labels: Kerberos, LDAP
>         Attachments: Apache DS.png, Apache DS1.png
>
>
> I would like to ask from all of you, that what should be the solution for my error message. It is about, when I check the authentication with the server and the settings are set to: Use native TGT in Kerberos settings.
> The authentication parameters: Bind DN or user: admin (which is in domain) Bind password: is my password.
> The error message is:
> The authentication failed. - java.security.PrivilegedActionException:
> org.apace.directory.api.ldap.model.exception.LdapException:
> javax.security.sasl.SaslException: GSS initiate failed 
> [Caused by GSSException: No valid credentials provided 
>     (Mechanism level: Illegal key size)]
> When I click on more details:
> The authentication failed
>  - java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
>   org.apache.directory.api.ldap.model.exception.LdapException: java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1535)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1421)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:447)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
>     at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
>     at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:122)
>     at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> Caused by: java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Unknown Source)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1525)
>     ... 8 more
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3898)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.access$200(LdapNetworkConnection.java:178)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection$2.run(LdapNetworkConnection.java:1529)
>     ... 11 more
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
>     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3808)
>     ... 13 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: Illegal key size)
>     at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
>     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
>     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
>     ... 15 more
> Caused by: KrbException: Illegal key size
>     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown Source)
>     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.encrypt(Unknown Source)
>     at sun.security.krb5.EncryptedData.<init>(Unknown Source)
>     at sun.security.krb5.KrbApReq.createMessage(Unknown Source)
>     at sun.security.krb5.KrbApReq.init(Unknown Source)
>     at sun.security.krb5.KrbApReq.<init>(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.createRequest(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
>     at sun.security.krb5.KrbTgsReq.<init>(Unknown Source)
>     at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
>     at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
>     at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
>     ... 18 more
> Caused by: java.security.InvalidKeyException: Illegal key size
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.a(DashoA13*..)
>     at javax.crypto.Cipher.init(DashoA13*..)
>     at javax.crypto.Cipher.init(DashoA13*..)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.getCipher(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.DkCrypto.dr(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.DkCrypto.dk(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encryptCTS(Unknown Source)
>     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.encrypt(Unknown Source)
>     at sun.security.krb5.internal.crypto.Aes256.encrypt(Unknown Source)
>     ... 30 more
>   java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Illegal key size)]
> Thanks for all your kind help.
> P.S.: My set up is Kerberos Real: My domain KDC Host: My domain KDC Port: 88
> The Network parameter:
> Name: Enterprise Hostname: my domain Port 389 Encryption: No encryption
> Provider apache directory LDAP Client Api


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)