Login Error when authenticating with Kerberos
It might be linked to a time (NTP) issue.
Kerberos preauthentification uses a timestamp as far as I know (to generate one-time-passwords), so I bet an NTP issue could cause that kind of problems.
Also, credentials not being destroyed could lead in such problems I suppose (e;g users not logged off correctly)
Check that all your servers (appservers where the app is running, as well as the Kerberos KDC) are synchronized with an NTP server and have the exact same time.
yogsma
Programmer. Founder of https://rentersvoices.com Developer of Android Application YFormulator (formerly Formulator). I used to write posts for Java Code Geeks here. Now I write better java code. Also you can check my github repositories github. You can download my ebook Spring Boot and Microservices Certified Scrum Master
Updated on June 04, 2022Comments
-
yogsma about 2 years
We are facing an interesting problem. Users login to application with Kerberos authentication. Few times they are successful, but suddenly they face lockout for their user login information and they see the error below on their screen
Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre-authentication information was invalid Stack Trace : javax.security.auth.login.FailedLoginException: Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre-authentication information was invalid at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:33) at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:457) at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:377) at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:200) at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56) at java.lang.reflect.Method.invoke(Method.java:620) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:781) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:215) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:706) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:704) at java.security.AccessController.doPrivileged(AccessController.java:452)
When we restart websphere application servers, everything works for the same users till they face the issue again. We have tried to check logs and change keytab file, but nothing has worked. Has anyone face this issue?
-
yogsma over 7 yearsThis was my exact first answer to this particular question when I came across the issue. I will have to get back to you on this.
-
T-Heron over 5 yearsJust stumbled upon this question again. Did it wind up being a time sync problem?