Hello,

I am facing some problem in Single sign-on using SPNEGO/Kerberos in
Java.
It will be of great help to me if somebody solves this problem.
I am getting the valid SPNEGO token in Tomact web server through
client IE browser.
Now i am trying to validate this token with KDC server using Java GSS
API.

CODE
================================================
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly",
"false");
System.setProperty("java.security.auth.login.config", "login.conf");
System.setProperty("java.security.krb5.conf", "krb5.conf");

GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.3.6.1.5.5.2");

GSSName serverName = manager.createName(
"m1000778@MINDTREE.COM", null);
GSSContext context = manager.createContext( serverName,
krb5Mechanism, null, GSSContext.DEFAULT_LIFETIME);

// Do the context establishment loop
byte[] token = null;
byte[] spnegoBytes = ....// contains base64 decoded SPNEGO token.
while (!context.isEstablished()) {
token = context.acceptSecContext(spnegoBytes,
0,spnegoBytes.length);
if (token != null) {
break;
}
}

login.conf
=======
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true
useTicketCache=false doNotPrompt=true realm="MINDTREE.COM"
principal="HTTP/dt684-vikash@MINDTREE.COM" debug=true
useKeyTab=true keyTab="C:\\Documents and Settings\\M1003231\
\krb5.keytab";
};

Krb5.conf
=======
[libdefaults]
default_realm = MINDTREE.COM

[realms]
MINDTREE.COM = {
kdc = 172.22.192.2:88
}
================================================
In the above code,
Realm = MINDTREE.COM
KDC server = 172.22.192.2
System name where Tomcat server is running = dt684-vikash
m1000778 is the user name who is trying to login.
We got the SPNEGO token of user m1000778 and now we need to validate
this token in KDC server.
Created KeyTab for principal name "HTTP/dt684-vikash@MINDTREE.COM".

Error i am getting
==============
Client not found in Kerberos database (6)
GSSException: No valid credentials provided (Mechanism level: Attempt
to obtain
new ACCEPT credentials failed!)

What is the problem in the code?
There could be some problem in the configuration.
I think there could be some problem in code below:
GSSName serverName = manager.createName("m1000778@MINDTREE.COM",
null);
Here i am specifying the user name of the system which is trying to
login.

Is there anybody who could help me with this?

Thanks
MADHUKAR