daily pastebin goal
51%
SHARE
TWEET

Untitled

a guest Mar 20th, 2017 132 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /testad/
  2. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Common Area]' against GET /index.jsp --> true
  3. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Common Area]' against GET /index.jsp --> true
  4. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling hasUserDataPermission()
  5. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data constraint has no restrictions
  6. 17-Mar-2017 10:59:39.367 FINE [http-nio-8080-exec-6] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
  7. 17-Mar-2017 10:59:39.383 SEVERE [http-nio-8080-exec-6] org.apache.catalina.authenticator.SpnegoAuthenticator.doAuthenticate Unable to login as the service principal
  8.  javax.security.auth.login.LoginException: Unable to obtain password from user
  9.  
  10.     at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source)
  11.     at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
  12.     at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
  13.     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  14.     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  15.     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  16.     at java.lang.reflect.Method.invoke(Unknown Source)
  17.     at javax.security.auth.login.LoginContext.invoke(Unknown Source)
  18.     at javax.security.auth.login.LoginContext.access$000(Unknown Source)
  19.     at javax.security.auth.login.LoginContext$4.run(Unknown Source)
  20.     at javax.security.auth.login.LoginContext$4.run(Unknown Source)
  21.     at java.security.AccessController.doPrivileged(Native Method)
  22.     at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
  23.     at javax.security.auth.login.LoginContext.login(Unknown Source)
  24.     at org.apache.catalina.authenticator.SpnegoAuthenticator.doAuthenticate(SpnegoAuthenticator.java:197)
  25.     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:556)
  26.     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
  27.     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
  28.     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
  29.     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
  30.     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
  31.     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
  32.     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
  33.     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
  34.     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  35.     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  36.     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  37.     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  38.     at java.lang.Thread.run(Unknown Source)
  39.  
  40. 17-Mar-2017 10:59:39.383 FINE [http-nio-8080-exec-6] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed authenticate() test
  41.    
  42. <?xml version="1.0" encoding="UTF-8"?>
  43.  
  44. <Server port="8005" shutdown="SHUTDOWN">
  45.   <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  46.   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  47.   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  48.   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  49.   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  50.  
  51.   <GlobalNamingResources>
  52.     <Resource name="UserDatabase" auth="Container"
  53.               type="org.apache.catalina.UserDatabase"
  54.               description="User database that can be updated and saved"
  55.               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
  56.               pathname="conf/tomcat-users.xml" />
  57.   </GlobalNamingResources>
  58.   <Service name="Catalina">
  59.     <Connector port="8080" maxSavePostSize="2097152" URIEncoding="UTF-8" maxHttpHeaderSize="65536"/>
  60.     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  61.     <Engine name="Catalina" defaultHost="localhost">
  62.         <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  63.             <Context docBase="testad" path="/testad">
  64.                 <Realm className="org.apache.catalina.realm.JNDIRealm"
  65.                         connectionURL="ldap://dev.devdevelopment.com:389"
  66.                         userSubtree="true"
  67.                         userBase="CN=Users,DC=devdevelopment,DC=com"
  68.                         userSearch="(sAMAccountName={0})"
  69.                         userRoleName="memberOf"
  70.                         roleBase="CN=tc-webapp-users,OU=tomcat-ou,DC=devdevelopment,DC=com"
  71.                         roleName="cn"
  72.                         roleSearch="(member={0})"
  73.                         roleSubtree="true"
  74.                         roleNested="true"/>
  75.                 <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator" storeDelegatedCredential="true"/>
  76.             </Context>
  77.         </Host>
  78.     </Engine>
  79.   </Service>
  80. </Server>
  81.    
  82. <?xml version="1.0" encoding="UTF-8"?>
  83. <web-app version="2.5"
  84.     xmlns="http://java.sun.com/xml/ns/javaee"
  85.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  86.     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
  87.     http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  88.  
  89.     <welcome-file-list>
  90.         <welcome-file>index.jsp</welcome-file>
  91.     </welcome-file-list>
  92.  
  93.     <session-config>
  94.         <session-timeout>
  95.             30
  96.         </session-timeout>
  97.     </session-config>
  98.  
  99.     <!-- OLD TRY
  100. <security-constraint>
  101.     <display-name>all_auth</display-name>
  102.     <web-resource-collection>
  103.         <web-resource-name>all</web-resource-name>
  104.         <description/>
  105.         <url-pattern>/*</url-pattern>
  106.     </web-resource-collection>
  107.     <auth-constraint>
  108.         <role-name>tc-webapp-users</role-name>
  109.     </auth-constraint>
  110. </security-constraint>
  111. -->
  112.  
  113.     <security-constraint>
  114.         <web-resource-collection>
  115.             <web-resource-name>Common Area</web-resource-name>
  116.             <url-pattern>/*</url-pattern>
  117.             <http-method>GET</http-method>
  118.             <http-method>POST</http-method>
  119.             <http-method>PUT</http-method>
  120.             <http-method>HEAD</http-method>
  121.             <http-method>TRACE</http-method>
  122.             <http-method>DELETE</http-method>
  123.             <http-method>OPTIONS</http-method>
  124.         </web-resource-collection>
  125.         <auth-constraint>
  126.             <role-name>tc-webapp-users</role-name>
  127.         </auth-constraint>
  128.         <user-data-constraint>
  129.             <transport-guarantee>NONE</transport-guarantee>
  130.         </user-data-constraint>
  131.     </security-constraint>
  132.  
  133.     <login-config>
  134.         <auth-method>SPNEGO</auth-method>
  135.         <!--
  136.         <realm-name>DEVDEVELOPMENT.COM</realm-name>
  137.         -->
  138.     </login-config>
  139.  
  140.     <security-role>
  141.         <description>TC-WebApp-Roles</description>
  142.         <role-name>tc-webapp-users</role-name>
  143.     </security-role>
  144. </web-app>
  145.    
  146. [libdefaults]
  147. default_realm=DEVDEVELOPMENT.COM
  148. default_keytab_name=“C:/Program Files/Apache Software Foundation/Tomcat 8.5/conf/tomcat.keytab"
  149. default_txt_enctypes=rc4-hmac,aes256-cts-hmac-shal-96,aes128-cts-hmac-shal-96
  150. default_tgs_enctypes=rc4-hmac,aes256-cts-hmac-shal-96,aes128-cts-hmac-shal-96
  151. permitted_enctypes=rc4-hmac,aes256-cts-hmac-shal-96,aes128-cts-hmac-shal-96
  152. udp_preference_limit=1
  153. forwardable=true
  154.  
  155. [realms]
  156. DEVDEVELOPMENT.COM={
  157.     kdc=dev.devdevelopment.com
  158. }
  159.  
  160. [domain_realm]
  161. devdevelopment.com=DEVDEVELOPMENT.COM
  162. .devdevelopment.com=DEVDEVELOPMENT.COM
  163.    
  164. com.sun.security.jgss.krb5.accept {
  165.     com.sun.security.auth.module.Krb5LoginModule required
  166.     doNotPrompt=true
  167.     principal="HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM"
  168.     keyTab="C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab"
  169.     storeKey=true
  170.     useKeyTab=true
  171.     useTicketCache=true
  172.     isInitiator=true
  173.     refreshKrb5Config=true
  174.     moduleBanner=true
  175.     storePass=true;
  176. };
  177.  
  178. com.sun.security.jgss.krb5.initiate {
  179.     com.sun.security.auth.module.Krb5LoginModule required
  180.     doNotPrompt=true
  181.     principal="HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM"
  182.     keyTab="C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab"
  183.     storeKey=true
  184.     useKeyTab=true
  185.     useTicketCache=true
  186.     isInitiator=true
  187.     refreshKrb5Config=true
  188.     moduleBanner=true
  189.     storePass=true
  190.     debug=true;
  191. };
  192.    
  193. c:Program FilesJavajdk1.8.0_31bin>klist -e -k -t "C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab"
  194.  
  195. Key tab: C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab, 1 entry found.
  196.  
  197. [1] Service principal: HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  198.          KVNO: 12
  199.          Key type: 18
  200.          Time stamp: Jan 01, 1970 05:30:00
  201.    
  202. c:Program FilesJavajdk1.8.0_31bin>kinit -V -k -t "C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab" HTTP/windows7devpc.de
  203. vdevelopment.com@DEVDEVELOPMENT.COM
  204. Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:  No error
  205. KrbException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:
  206.         at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
  207.         at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
  208.         at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
  209.         at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
  210.         at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
  211.         at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
  212.    
  213. c:Program FilesJavajdk1.8.0_31bin>kinit -J-Dsun.security.krb5.debug=true -k -t "C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab" HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  214. >>>KinitOptions cache name is C:Usersdevtomcatkrb5cc_devtomcat
  215. Principal is HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  216. >>> Kinit using keytab
  217. >>> Kinit keytab file name: C:Program FilesApache Software FoundationTomcat 8.5conftomcat.keytab
  218. Java config name: null
  219. LSA: Found Ticket
  220. LSA: Made NewWeakGlobalRef
  221. LSA: Found PrincipalName
  222. LSA: Made NewWeakGlobalRef
  223. LSA: Found DerValue
  224. LSA: Made NewWeakGlobalRef
  225. LSA: Found EncryptionKey
  226. LSA: Made NewWeakGlobalRef
  227. LSA: Found TicketFlags
  228. LSA: Made NewWeakGlobalRef
  229. LSA: Found KerberosTime
  230. LSA: Made NewWeakGlobalRef
  231. LSA: Found String
  232. LSA: Made NewWeakGlobalRef
  233. LSA: Found DerValue constructor
  234. LSA: Found Ticket constructor
  235. LSA: Found PrincipalName constructor
  236. LSA: Found EncryptionKey constructor
  237. LSA: Found TicketFlags constructor
  238. LSA: Found KerberosTime constructor
  239. LSA: Finished OnLoad processing
  240. Native config name: C:Windowskrb5.ini
  241. >>> Kinit realm name is DEVDEVELOPMENT.COM
  242. >>> Creating KrbAsReq
  243. >>> KrbKdcReq local addresses for windows7devpc are:
  244.  
  245.         windows7devpc/192.168.1.229
  246. IPv4 address
  247.  
  248.         windows7devpc/fe80:0:0:0:80f2:1a68:c0f0:710%11
  249. IPv6 address
  250. >>> KdcAccessibility: reset
  251. >>> KeyTabInputStream, readName(): DEVDEVELOPMENT.COM
  252. >>> KeyTabInputStream, readName(): HTTP
  253. >>> KeyTabInputStream, readName(): windows7devpc.devdevelopment.com
  254. >>> KeyTab: load() entry length: 107; type: 18
  255. Looking for keys for: HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  256. Added key: 18version: 12
  257. Using builtin default etypes for default_tkt_enctypes
  258. default etypes for default_tkt_enctypes: 18 17 16 23.
  259. >>> KrbAsReq creating message
  260. getKDCFromDNS using UDP
  261. >>> KrbKdcReq send: kdc=dev.devdevelopment.com. UDP:88, timeout=30000, number of retries =3, #bytes=227
  262. >>> KDCCommunication: kdc=dev.devdevelopment.com. UDP:88, timeout=30000,Attempt =1, #bytes=227
  263. >>> KrbKdcReq send: #bytes read=227
  264. >>>Pre-Authentication Data:
  265.          PA-DATA type = 19
  266.          PA-ETYPE-INFO2 etype = 18, salt = DEVDEVELOPMENT.COMHTTPwindows7devpc.devdevelopment.com, s2kparams = null
  267.  
  268. >>>Pre-Authentication Data:
  269.          PA-DATA type = 2
  270.          PA-ENC-TIMESTAMP
  271. >>>Pre-Authentication Data:
  272.          PA-DATA type = 16
  273.  
  274. >>>Pre-Authentication Data:
  275.          PA-DATA type = 15
  276.  
  277. >>> KdcAccessibility: remove dev.devdevelopment.com.:88
  278. >>> KDCRep: init() encoding tag is 126 req type is 11
  279. >>>KRBError:
  280.          sTime is Thu Mar 16 22:50:19 IST 2017 1489684819000
  281.          suSec is 759798
  282.          error code is 25
  283.          error Message is Additional pre-authentication required
  284.          sname is krbtgt/DEVDEVELOPMENT.COM@DEVDEVELOPMENT.COM
  285.          eData provided.
  286.          msgType is 30
  287. >>>Pre-Authentication Data:
  288.          PA-DATA type = 19
  289.          PA-ETYPE-INFO2 etype = 18, salt = DEVDEVELOPMENT.COMHTTPwindows7devpc.devdevelopment.com, s2kparams = null
  290.  
  291. >>>Pre-Authentication Data:
  292.          PA-DATA type = 2
  293.          PA-ENC-TIMESTAMP
  294. >>>Pre-Authentication Data:
  295.          PA-DATA type = 16
  296.  
  297. >>>Pre-Authentication Data:
  298.          PA-DATA type = 15
  299.  
  300. KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
  301. Using builtin default etypes for default_tkt_enctypes
  302. default etypes for default_tkt_enctypes: 18 17 16 23.
  303. Looking for keys for: HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  304. Added key: 18version: 12
  305. Looking for keys for: HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  306. Added key: 18version: 12
  307. Using builtin default etypes for default_tkt_enctypes
  308. default etypes for default_tkt_enctypes: 18 17 16 23.
  309. >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
  310. >>> KrbAsReq creating message
  311. getKDCFromDNS using UDP
  312. >>> KrbKdcReq send: kdc=dev.devdevelopment.com. UDP:88, timeout=30000, number of retries =3, #bytes=316
  313. >>> KDCCommunication: kdc=dev.devdevelopment.com. UDP:88, timeout=30000,Attempt =1, #bytes=316
  314. >>> KrbKdcReq send: #bytes read=108
  315. >>> KrbKdcReq send: kdc=dev.devdevelopment.com. TCP:88, timeout=30000, number of retries =3, #bytes=316
  316. >>> KDCCommunication: kdc=dev.devdevelopment.com. TCP:88, timeout=30000,Attempt =1, #bytes=316
  317. >>>DEBUG: TCPClient reading 1766 bytes
  318. >>> KrbKdcReq send: #bytes read=1766
  319. >>> KdcAccessibility: remove dev.devdevelopment.com.:88
  320. Looking for keys for: HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM
  321. Added key: 18version: 12
  322. >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
  323. >>> KrbAsRep cons in KrbAsReq.getReply HTTP/windows7devpc.devdevelopment.com
  324. New ticket is stored in cache file C:Usersdevtomcatkrb5cc_devtomcat
  325.    
  326. c:Program FilesJavajdk1.8.0_31bin>kinit
  327. Password for HTTP/windows7devpc.devdevelopment.com@DEVDEVELOPMENT.COM:*****
  328. New ticket is stored in cache file C:Usersdevtomcatkrb5cc_devtomcat
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top