堆栈内存溢出
  繁体   English   中英

Java 7 Kerberos问题 - AES128损坏的校验和

[英]Java 7 Kerberos Issue - AES128 Corrupt checksum

 原文  2012-03-02 14:01:11       java/ linux/ active-directory/ aes/ kerberos

问题描述

我正在从Java 6迁移到Java 7,并且遇到了Kerberos身份验证问题。 在我看来,基础加密类型顺序被切换,因此使用了不同的加密类型。 在这种情况下,运行Java 7时, Aes128CtsHmacSha1EType用于部分事务。 运行Java 6时以及Java 7运行的其他部分使用ArcFourHmacEType

其他细节:在Windows(Fedora 16)上针对Windows Active Directory服务器运行。

我知道如果我在krb5.conf文件中设置default_tkt_enctypes,default_tgs_enctypes,allowed_enctypes参数,我可以使用身份验证。 但是,我想让它在没有文件的情况下工作,理想情况下不必强制使用一个或两个enctype。

这是我得到的错误消息: 

java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: Final handshake failed [Caused by GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum in Wrap token)]]
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at *internal.code*.LDAPAuthenticator.authenticate(LDAPAuthenticator.java:46)
at *internal.code*.LDAPAuthenticatorTest.testUpdateUser(LDAPAuthenticatorTest.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at junit.textui.TestRunner.doRun(TestRunner.java:116)
at com.intellij.junit3.JUnit3IdeaTestRunner.doRun(JUnit3IdeaTestRunner.java:139)
at junit.textui.TestRunner.doRun(TestRunner.java:109)
at com.intellij.junit3.JUnit3IdeaTestRunner.startRunnerWithArgs(JUnit3IdeaTestRunner.java:52)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:182)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: Final handshake failed [Caused by GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum in Wrap token)]]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:168)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:232)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at *internal.code*.LDAPAuthenticator.getAttributeFor(LDAPAuthenticator.java:156)
at *internal.code*.user.LDAPAuthenticator.access$000(LDAPAuthenticator.java:27)
at *internal.code*.user.LDAPAuthenticator$1.run(LDAPAuthenticator.java:49)
... 27 more
Caused by: javax.security.sasl.SaslException: Final handshake failed [Caused by GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum in Wrap token)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:328)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:187)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:132)
... 42 more
Caused by: GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum in Wrap token)
at sun.security.jgss.krb5.WrapToken_v2.getData(WrapToken_v2.java:151)
at sun.security.jgss.krb5.WrapToken_v2.getData(WrapToken_v2.java:105)
at sun.security.jgss.krb5.Krb5Context.unwrap(Krb5Context.java:983)
at sun.security.jgss.GSSContextImpl.unwrap(GSSContextImpl.java:403)
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:234)
... 44 more

是否可以在此设置中使用AES128?

如果我无法使AES128工作,有没有办法通过系统参数(而不是使用krb5.conf)设置默认的enctype?

1 个解决方案

解决方案1
 0  2014-03-14 22:49:06

听James Cape,安装无限安全文件。 由于美国的管辖权,JRE不能与JAR一起发货。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 java中的DES TripleDES和AES128代码 Java上的AES128加密,unix(openssl)上的解密? Android上是AES128还是AES256? Java中的DSA与RSA和AES128与AES256加密 Java和Objective C中的AES128 CBC加密提供不同的输出 在php和java之间使用不同的AES128,填充加密为零 如何在AES128算法中生成64位加密密钥? Android API级别10(2.3.3)中的NoClassDefFoundError AES128位 AES算法Java / Java Script中的128位密钥问题 AES128解密:javax.crypto.badpaddingexception pad块损坏
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM