I wrote a simple Java application that uses GSSAPI to connect to Active Directory (Kerberos SSO).
I have 2 realms and KDCs: x and y.
If I run the tool with realm/KDC x, the tool works.
If I run the tool with realm/KDC y, the tool works too.
If I run the tool to perform 2 authentications with realm/KDC x (login, logout, login, logout), it works.
Same result for realm/KDC y.
The problem is when I try to switch between the two realms/KDCs (login x, logout x, login y, logout y): an exception is thrown when trying to log in to the second one:
GSSException: Mechanism level: Message stream modified (41))
Just to clarify - The problem occurs only if I'm using 2 different realms/KDCs (one each time, of course), without restarting the entire application between these two.
I think that Java/GSSAPI somehow caches the realm or the krb ticket, or something else.
The question is how can I clear this cache (without killing the entire application), or if there's no such cache / static variables, how can I make it work?
Thank you!
Your problem is probably a faulty krb5.conf file. See here: GSSException: Message stream modified (41)
Post your entire krb5.conf file and the accessed SPNs.