tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krishnan, Babu" <BKrish...@medrad.com>
Subject Kerberos header passing issue
Date Fri, 04 Jun 2010 17:30:54 GMT
Hello

We are having Desktop SSO for an application hosted on tomcat. The Desktop SSO
uses kerberos authentication. We are using spnego.sourceforge.net solution for
enabling SSO on tomcat end. Now, desktop SSO works charm.

Now we would like to front tomcat with APache and use mod_jk for connecting. We
have Apache 2.2.15, mod_jk 1.2.30 on Tomcat 6.0.24. As such apache & mod_jk is
working fine with tomcat when SSO is turned off on tomcat i.e apache and mod_jk
have been configured properly.

When i turn on SSO on tomcat, i get error when going through Apache but when i
hit tomcat directly i don't get any error.

Here is the error i'm getting
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum
failed)
    sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
    sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(Unknown Source)
    sun.security.jgss.spnego.SpNegoContext.acceptSecContext(Unknown Source)
    sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)


Does it mean that i need to tweak some configuration on apache and mod_jk to
work with tomcat when sso is enabled?

Please help

Regards
KB

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message