0

I am trying to get SSO working using SPNEGO for Tomcat 7 with IBM JDK. We are using "org.apache.catalina.authenticator.SpnegoAuthenticator" for authentication which calls com.sun.security.jgss.krb5.accept. The configuration for it is 

com.sun.security.jgss.krb5.accept {
    com.ibm.security.auth.module.Krb5LoginModule required
    principal="xxx@xxx.COM"
    useKeyTab=C:/Downloads/tomcat/conf/xxx.keytab
    credsType=acceptor
    debug=true;
   };

I tried with Java 6 (SR9), 7 (SR1,SR5), but I always get stuck on below error.

java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major code: 11, minor code: 0
    major string: General failure, unspecified at GSSAPI level
    minor string: Desired initLifetime zero or less

Can anybody point to anything that I have missed?

-Thanks

Rachit
  • 1
  • 2
  • I am not so sure but from the error string :major code: 11, minor code: 0 , this error happens when you have compiled the code against higher/different version of jre than whats the tomcat is using.. This is just a guess looking at the error. Please ignore if you have already tried this option – surya Oct 05 '13 at 07:13
  • IBM has a closed bug on the topic: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54545 they imply its been fixed so you may wish to confirm that you are compiling with and executing on a version with the fix. – Frank Thomas Oct 06 '13 at 06:31
  • Hi Frank, Thanks for helping. I did search on this and found the same link that you sent. They claimed to have fixed this in SR6 and I tested with SR9 and even Java 7 but no luck :(. – Rachit Oct 07 '13 at 09:10
  • follow this thread, you will get the answer, btw i personally think its ibm jdk's issue http://mail-archives.apache.org/mod_mbox/tomcat-users/201310.mbox/%3C1F6195324CA34E48AE2D83F1F8E0833D9784B77702@MSPMSGCCR000.corp.fairisaac.com%3E – Arunav Sanyal Nov 07 '13 at 13:04

0 Answers0