[31488] in Kerberos
Re: Replay I/O operation failed XXX message
daemon@ATHENA.MIT.EDU (suma)
Fri Sep 18 02:39:55 2009
From: suma <suma.s.gururaj@gmail.com>
Date: Thu, 17 Sep 2009 21:48:06 -0700 (PDT)
Message-ID: <fe5e749c-0c66-4ed7-b2d2-ebe46d26e238@d21g2000vbm.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Sep 16, 11:23 pm, Ken Raeburn <raeb...@MIT.EDU> wrote:
> On Sep 16, 2009, at 02:34, suma wrote:
>
> > I am running several Kerberos authentications in a multithreaded
> > application. The application abruptly stopped with the message
> > "Replay I/O operation failed XXX"
>
> > When would the GSSAPI throw this error. Did the I/O not go through...
>
> It should probably say "Replay cache I/O operation failed", and give
> some more detail. Unfortunately, there are several places where some
> kind of failing operation on the replay cache gets mapped into this
> one internal error code. My first guess would be that a replay cache
> might have been left around under a different uid; it's expected that
> all services sharing a given principal will operate under the same
> uid, since they all need access to the same service principal key.
>
> Ken
Hi Ken and All,
Thanks for your reply. Appreciate it.
I modified my program to see if the multiple threads are causing the I/
O error.
Now my program is single-threaded and performs the following in a
loop.
1. Get TGT
2. Sleep for 2 mins - to ensure the ST and the timestamp are unique
3. Obtain ST
4. Authenticate a user.
5. Get a session for this user and disconnect the session.
When the program is run for a longer duration - typically after an
hour. I run into the "Replay I/O operation failed XXX" error.
I am using kerberos login module from JAAS for authentication. Below
is the Java code that I am using to create ST
==============================================================
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
GSSName clientName =
manager.createName(m_user,
GSSName.NT_USER_NAME);
GSSCredential clientCreds =
manager.createCredential(
clientName,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName =
manager.createName(
m_spnName,
null);
GSSContext secContext =
manager.createContext(
peerName,
krb5Mechanism,
clientCreds,
GSSContext.DEFAULT_LIFETIME);
==============================================================
Am I doing something wrong that is causing the Replay I/O error. I
sincerely appreciate any pointers.
Thanks,
--Suma
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
