Login Error when authenticating with Kerberos


It might be linked to a time (NTP) issue.

Kerberos pre-authentication uses a timestamp as far as I know (to generate one-time passwords), so I bet an NTP issue could cause that kind of problem.

Also, credentials not being destroyed could lead to such problems, I suppose (e.g. users not logged off correctly).

Check that all your servers (appservers where the app is running, as well as the Kerberos KDC) are synchronized with an NTP server and have the exact same time.
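One way to carry out the time check suggested in the answer above, as an added example that is not part of the original answer: it measures how far the local clock is from a time source with a single SNTP exchange and flags offsets beyond a Kerberos clock-skew tolerance. The 300-second limit is the common default and an assumption about your realm, `measure()` assumes the host given on the command line answers NTP on UDP port 123, and `sample_reply()` builds a constructed packet for offline use.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800   # seconds between 1900-01-01 and 1970-01-01
MAX_SKEW_SECONDS = 300         # assumption: common Kerberos default tolerance

def ntp_to_unix(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp into Unix seconds."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def clock_offset(reply: bytes, t1: float, t4: float) -> float:
    """Server clock minus local clock, from one SNTP reply.
    t1 = local send time, t4 = local receive time (Unix seconds)."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable server reply (wrong mode or stratum 0)")
    t2 = ntp_to_unix(reply[32:40])   # server receive timestamp
    t3 = ntp_to_unix(reply[40:48])   # server transmit timestamp
    return ((t2 - t1) + (t3 - t4)) / 2

def exceeds_skew(offset: float, limit: float = MAX_SKEW_SECONDS) -> bool:
    """True when the offset is outside the allowed clock skew."""
    return abs(offset) > limit

def measure(host: str, timeout: float = 3.0) -> float:
    """Send one SNTP client request to host and return its offset from us."""
    request = bytes([0x23]) + bytes(47)          # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (host, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)

def sample_reply(t2: int, t3: int) -> bytes:
    """Constructed server reply (VN=4, mode=4, stratum 2) for offline checks."""
    enc = lambda t: struct.pack("!II", t + NTP_EPOCH_DELTA, 0)
    return bytes([0x24, 2, 0, 0]) + bytes(28) + enc(t2) + enc(t3)

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:                    # e.g. the KDC and each app server
        off = measure(host)
        print(f"{host}: offset {off:+.3f}s", "SKEW" if exceeds_skew(off) else "ok")
```

Run it on each application server against the same time source (or against the KDC itself) and compare the reported offsets.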

Updated on June 04, 2022

Comments

  • yogsma
    yogsma about 2 years

    We are facing an interesting problem. Users log in to the application with Kerberos authentication. A few times they are successful, but suddenly they face lockout for their user login information and they see the error below on their screen:

    Login error: com.ibm.security.krb5.KrbException, status code: 24
        message: Pre-authentication information was invalid
    Stack Trace : 
    javax.security.auth.login.FailedLoginException: Login error: com.ibm.security.krb5.KrbException, status code: 24
        message: Pre-authentication information was invalid
        at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:33)
        at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:457)
        at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:377)
        at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:200)
        at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
        at java.lang.reflect.Method.invoke(Method.java:620)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:781)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:215)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:706)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:704)
        at java.security.AccessController.doPrivileged(AccessController.java:452)
    

    When we restart the WebSphere application servers, everything works for the same users until they face the issue again. We have tried to check logs and change the keytab file, but nothing has worked. Has anyone faced this issue?

  • yogsma
    yogsma over 7 years
    This was my exact first answer to this particular question when I came across the issue. I will have to get back to you on this.
  • T-Heron
    T-Heron over 5 years
    Just stumbled upon this question again. Did it wind up being a time sync problem?