JAVA和GSSAPI:清除缓存
[英]JAVA & GSSAPI: Clearing cache
问题描述
I wrote a simple java application that uses GSSAPI in order to connect to Active Directory (Kerberos SSO). 
我编写了一个简单的Java应用程序,该应用程序使用GSSAPI来连接到Active Directory(Kerberos SSO)。
I have 2 realms and KDCs: x and y. 我有2个领域和KDC:x和y。
If I'll run the tool with realm/KDC x - The tool will work. 如果我将使用realm / KDC x运行该工具-该工具将正常工作。
If I'll run the tool with realm/KDC y - The tool will work too. 如果我将使用realm / KDC y运行该工具-该工具也可以使用。
If I'll run the tool to perform 2 authentications with realm/KDC x (login, logout, login, logout) - Works. 如果我将运行该工具以对realm / KDC x(登录,注销,登录,注销)执行2种身份验证-可以。
Same result for realm/KDC y. 领域/ KDC y的结果相同。
The problem is when I'm trying to switch between the two realms/KDCs: login x, logout x, login y, logout y - An exception is thrown when trying to login to the second one: 问题是当我尝试在两个领域/ KDC之间切换时:登录x,注销x,登录y,注销y-尝试登录第二个时,抛出异常:
GSSException: Mechanism level: Message stream modified (41)) GSSException:机制级别:消息流已修改(41))
Just to clarify - The problem occurs only if I'm using 2 different realms/KDCs (one each time, of course), without restarting the entire application between these two. 只是为了澄清-仅当我使用2个不同的领域/ KDC(当然,每次使用1个),而没有在这两个领域之间重新启动整个应用程序时,才会出现问题。
I think that java/gssapi somehow caches the realm or the krb ticket, or something else. 我认为java / gssapi以某种方式缓存了领域或krb票证或其他东西。
The question is how can I clear this cache (without killing the entire application), or if there's no such cache / static variables, how can I make it work? 问题是如何清除该缓存(而不会杀死整个应用程序),或者如果没有此类缓存/静态变量,如何使它工作?
Thank you! 谢谢!
1 个解决方案
解决方案1
0 2013-05-07 20:06:29
Your problem is probably a faulty krb5.conf file. 您的问题可能是错误的krb5.conf文件。 See here: GSSException: Message stream modified (41) 参见此处: GSSException:消息流已修改(41)
Post your entire krb5.conf fine and the accessed SPNs. 将您的整个krb5.conf和访问的SPN完整发布。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.