View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017000 | CentOS-7 | krb5 | public | 2020-02-03 12:10 | 2020-05-08 09:34 |
Reporter | cir | Assigned To | |||
Priority | urgent | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0017000: Krb5LoginModule.attemptAuthentication KrbException: Message stream modified (41) | ||||
Description | Nach update von openJDK 1.8.0_232-b09 auf 1.8.0_242-b08: KrbException: Message stream modified (41) Nach update von java 1.8.0_232-b09 auf 1.8.0_242-b08: kommt KrbException: Message stream modified (41) Login Konfiguration: serverSecurityDomain { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true debug=true keyTab="/etc/some.keytab" doNotPrompt=true storeKey=true realm=someRealm principal="somePrincipal"; }; /etc/krb5.conf: # Configuration snippets may be placed in this directory as well includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM | ||||
Additional Information | javax.security.auth.login.LoginException: Message stream modified (41) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:808) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:618) at sun.reflect.GeneratedMethodAccessor170.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at com.silbergrau.security.negotiation.spnego.SPNEGOLoginModule.getServerSubject(SPNEGOLoginModule.java:46) at com.silbergrau.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:73) at com.silbergrau.security.tomcat.auth.module.proxy.LoginModuleProxy.login(LoginModuleProxy.java:6) at sun.reflect.GeneratedMethodAccessor154.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:410) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:327) at com.silbergrau.security.negotiation.NegotiationAuthenticator.doAuthenticate(NegotiationAuthenticator.java:12) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: KrbException: Message stream modified (41) at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:53) at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:159) at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121) at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:308) at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:780) ... 41 more | ||||
Tags | Kernel 3.10.0-693.21.1.el7.x86_64 | ||||
abrt_hash | |||||
URL | |||||
Ran in to the same issue. Solution is to remove the line "renew_lifetime = 7d" from your krb5.conf. It should start working again. |
|
no, uncommented the line renew_lifetime = 7d and still the same issue. | |
Removing line "renew_lifetime = 7d" from krb5.conf also works for me. | |
If this hasn't been worked around yet, can you try this: Edit the java.security file located in the active JDK on the clusters, and add or alter the sun.security.krb5.disableReferrals parameter so that it is set to true: sun.security.krb5.disableReferrals=true |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2020-02-03 12:10 | cir | New Issue | |
2020-02-03 12:10 | cir | Tag Attached: Kernel 3.10.0-693.21.1.el7.x86_64 | |
2020-02-25 08:48 | kdhoe | Note Added: 0036377 | |
2020-02-25 17:15 | cir | Note Added: 0036381 | |
2020-03-05 09:43 | bfilipek | Note Added: 0036462 | |
2020-03-19 19:14 | rg | Note Added: 0036535 |