tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Kerberos header passing issue
Date Fri, 04 Jun 2010 18:16:13 GMT
On 04/06/2010 18:30, Krishnan, Babu wrote:
> Hello
> 
> We are having Desktop SSO for an application hosted on tomcat. The Desktop SSO
> uses kerberos authentication. We are using spnego.sourceforge.net solution for
> enabling SSO on tomcat end. Now, desktop SSO works charm.
> 
> Now we would like to front tomcat with APache and use mod_jk for connecting. We
> have Apache 2.2.15, mod_jk 1.2.30 on Tomcat 6.0.24. As such apache & mod_jk is
> working fine with tomcat when SSO is turned off on tomcat i.e apache and mod_jk
> have been configured properly.
> 
> When i turn on SSO on tomcat, i get error when going through Apache but when i
> hit tomcat directly i don't get any error.
> 
> Here is the error i'm getting
> GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum
> failed)
>     sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
>     sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
>     sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
>     sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(Unknown Source)
>     sun.security.jgss.spnego.SpNegoContext.acceptSecContext(Unknown Source)
>     sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
>     sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
> 
> 
> Does it mean that i need to tweak some configuration on apache and mod_jk to
> work with tomcat when sso is enabled?

Take a good look at the headers. You'll probably find httpd/mod_jk is
modifying something on the way through.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message