I wrote a simple Java application that uses GSSAPI in order to connect to Active Directory (Kerberos SSO).
I have 2 realms and KDCs: x and y.
If I run the tool with realm/KDC x, the tool works.
If I run the tool with realm/KDC y, the tool works too.
If I run the tool to perform 2 authentications with realm/KDC x (login, logout, login, logout), it works.
Same result for realm/KDC y.
The problem is when I try to switch between the two realms/KDCs: login x, logout x, login y, logout y. An exception is thrown when trying to log in to the second one:
GSSException: Mechanism level: Message stream modified (41))
Just to clarify - The problem occurs only if I'm using 2 different realms/KDCs (one each time, of course), without restarting the entire application between these two.
I think that Java/GSSAPI somehow caches the realm or the krb ticket, or something else.
The question is how can I clear this cache (without killing the entire application), or if there's no such cache / static variables, how can I make it work?
Thank you!