GSSAPI compatibility issue with Java 1.5

• Previous message: Robert Scussel: "Re: sasl ldap log errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello

This email attempts to reveal an incompatibility between
clients using Sun's Java 1.5 SASL implementation
and servers which use a Cyrus-SASL + MIT Kerberos
combination. This mail is made up of the following
four sections:

1) Synopsis of the problem
2) Background information.
3) A patch to create a Java Client and Java Server which
   can be run against the sample client and sample server
   that ship with the cyrus distribution.
4) Log files gathered from using the client and server in
   (3) against the cyrus ones. Three scenarios are covered
   here.

Thanks,

Rory

############
# SYNOPSIS #
############

This issue arises when using the GSSAPI mechanism with
Java1.5's SASL implementation to authenticate against
any server that relies on a Cyrus-SASL + MIT Kerberos
combination. The GSSAPI negotiation appears to occur
without a problem, but then at the very end of the
handshake the client is informed (via the application
protocol) that the authentication attempt failed. There
is one syslog entry made in the logs which reads:

    GSSAPI Error: A token was invalid (No error)

Searching google using this error I came across two other
significant victims both of whom solved the problem by
switching from MIT Kerberos to Heimdal. I also made the
switch to Heimdal on one of my machines and everything
started to work just fine. Obviously this would suggest
that the problem - if not with the Java implementation
or my code - is most likely with MIT Kerberos, so you
are probably wondering why I'm bringing the issue up on
this list.

Well, the reason is that all the test code that I have
produced so far has been at the SASL level against servers
using cyrus-sasl. I rekon that if I post a bug report to
MIT with what I've got, and without confirmation from you
that it's not you're problem, they'll just bounce me back
here. It would be great if you could just take a quick look
at the logs included herein and confirm that the issue is
definitly not with cyrus-sasl. Another reason for posting
here was that I figured that the java client and server
included here might be of some use to others.

##############
# BACKGROUND #
##############

The aforementioned problem has been experienced on all
setups that I have tried, namely:

- cyrus-sasl-2.1.19-3 (libsasl2.so.2.0.19) &
  MIT krb5-1.3.4-7 [on Fedora Core 3]
- cyrus-sasl-2.1.19-3 (libsasl2.so.2.0.19) &
  MIT krb5-1.3.6-7 [on Fedora Core 3]
- cyrus-sasl-2.1.20 (libsasl2.so.2.0.20) &
  MIT krb5-1.3.6-r1 [on Gentoo 2005.0]
- cyrus-sasl-2.1.20 (libsasl2.so.2.0.20) &
  MIT krb5-1.4.1-r2 [on Gentoo 2005.0]

I came across this problem when adding Kerberos
functionality to an open-source XMPP library
http://www.ipster.org/tweeze. The server I was using was
Jabberd2 (http://jabberd.jabberstudio.org) patched to use
cyrus-sasl. Since then I have also written some test code
that attempts to authenticate to cyrus-imapd, and also the
client and server that are contained in this email. In all
cases I encountered the same problem with the same syslog
error "GSSAPI Error: A token was invalid (No error)".

##############################
# JAVA CLIENT & JAVA SERVER #
##############################

The following patch reproduces the source code for a java
sasl client and java sasl server that attempt to use the
same protocol as the sample client and server shipped
with the cyrus-sasl distribution (sasl2-sample-server &
sasl2-sample-client on Fedora Core 3).

Instructions:
-------------
1) Extract the patch below or copy this whole mail to a
   file java-sasl.diff
2) patch -p0 < java-sasl.diff
3) cd java-sasl && chmod +x compile run-*
4) Read the README for further instructions.

Patch:
------

diff -Naur --exclude=.svn java-sasl/compile java-sasl-samples/compile
--- java-sasl/compile 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/compile 2005-07-27 23:45:20.000000000 +0100
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mkdir -p classes
+javac -d classes src/*.java
+
diff -Naur --exclude=.svn java-sasl/jaas.conf java-sasl-samples/jaas.conf
--- java-sasl/jaas.conf 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/jaas.conf 2005-07-28 00:51:36.000000000 +0100
@@ -0,0 +1,15 @@
+
+server_krb {
+ com.sun.security.auth.module.Krb5LoginModule required
+ // debug=true
+ storeKey=true
+ keyTab="/etc/krb5.keytab"
+ useKeyTab=true;
+};
+
+client_krb {
+ com.sun.security.auth.module.Krb5LoginModule required
+ // debug="true"
+ useTicketCache="true";
+};
+
diff -Naur --exclude=.svn java-sasl/logging.properties java-sasl-samples/logging.properties
--- java-sasl/logging.properties 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/logging.properties 2005-07-27 14:18:16.000000000 +0100
@@ -0,0 +1,4 @@
+javax.security.sasl.level=FINEST
+handlers=java.util.logging.ConsoleHandler
+java.util.logging.ConsoleHandler.level=FINEST
+
diff -Naur --exclude=.svn java-sasl/README java-sasl-samples/README
--- java-sasl/README 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/README 2005-07-28 01:27:58.000000000 +0100
@@ -0,0 +1,41 @@
+
+Compiling code:
+---------------
+
+./compile
+
+
+Running the Server:
+-------------------
+Before running the server you need to change the values for:
+ (1) the kerberos realm
+ (2) the kdc server
+as they appear at the top of the 'run-server' script.
+
+Also, if your keytab file is not /etc/krb5.keytab, then
+you will need to edit the jaas.conf file.
+
+To run the server do:
+
+./run-server hostname
+
+where 'hostname' is the name as it appears in the kerberos
+principal for this server.
+
+
+Running the Client:
+-------------------
+After compiling (and assuming you've run kinit) just do:
+
+./run-client hostname
+
+where 'hostname' is the name as it appears in the kerberos
+principal for this server.
+
+
+Logging output:
+---------------
+
+To receive less verbose output then remove the -D...logging...
+option from whichever run script you wish to silence.
+
diff -Naur --exclude=.svn java-sasl/run-client java-sasl-samples/run-client
--- java-sasl/run-client 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/run-client 2005-08-01 15:37:11.572850264 +0100
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# If you want to receive just the normal amount of
+# output then remove the -D...logging... line below.
+
+java \
+ -cp $CLASSPATH:classes \
+ -Djava.security.auth.login.config=jaas.conf \
+ -Djava.util.logging.config.file=logging.properties \
+ Launcher client $*
+
+
diff -Naur --exclude=.svn java-sasl/run-server java-sasl-samples/run-server
--- java-sasl/run-server 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/run-server 2005-07-28 01:26:02.000000000 +0100
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+KRB_REALM=KAYOS.NONE
+KDC_SERVER=kerberos.kayos.none
+
+# If you want to receive just the normal amount of
+# output then remove the -D...logging... line below
+
+java -enableassertions \
+ -cp $CLASSPATH:classes \
+ -Djava.security.krb5.realm=$KRB_REALM \
+ -Djava.security.krb5.kdc=$KDC_SERVER \
+ -Djava.security.auth.login.config=jaas.conf \
+ -Djava.util.logging.config.file=logging.properties \
+ Launcher server $*
+
diff -Naur --exclude=.svn java-sasl/src/Helper.java java-sasl-samples/src/Helper.java
--- java-sasl/src/Helper.java 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/src/Helper.java 2005-07-28 00:27:59.000000000 +0100
@@ -0,0 +1,66 @@
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.IOException;
+import java.util.Formatter;
+
+class Helper {
+
+ public static byte[] receive(InputStream in) throws IOException {
+ StringBuilder sb = new StringBuilder();
+ int x = -1;
+ while ((x = in.read()) != '\n') {
+ assert(x != -1);
+ if (Character.isDigit(x)) {
+ sb.append((char) x);
+ }
+ }
+ int count = Integer.parseInt(sb.toString());
+ byte[] result = new byte[count];
+ for (int i = 0; i < result.length; i++) {
+ x = in.read();
+ assert(x != -1);
+ result[i] = (byte) x;
+ }
+ System.out.println("recv: {" + result.length + "}");
+ System.out.println(toHexishString(result));
+ return result;
+ }
+
+ private static boolean isPrintable(byte b) {
+ char c = (char) b;
+ return (c >= ' ' && c <= '~');
+ }
+
+ private static String toHexishString(byte[] buf) {
+ StringBuilder sb = new StringBuilder();
+ Formatter formatter = new Formatter(sb);
+ for (byte b : buf) {
+ if (isPrintable(b)) {
+ formatter.format("%s", (char) b);
+ } else {
+ formatter.format("[%X]", b);
+ }
+ }
+ return sb.toString();
+ }
+
+ public static void serverSend(byte[] data, OutputStream out)
+ throws IOException {
+ send(data, out, true);
+ }
+
+ public static void send(byte[] data, OutputStream out) throws IOException {
+ send(data, out, false);
+ }
+
+ private static void send(byte[] data, OutputStream out, boolean addPrefix)
+ throws IOException {
+ String header = addPrefix ? "C" : "";
+ header += "{" + data.length + "}";
+ System.out.println("send: " + header);
+ System.out.println(toHexishString(data));
+ out.write(new String(header + "\r\n").getBytes());
+ out.write(data);
+ }
+}
diff -Naur --exclude=.svn java-sasl/src/Launcher.java java-sasl-samples/src/Launcher.java
--- java-sasl/src/Launcher.java 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/src/Launcher.java 2005-07-28 00:04:09.000000000 +0100
@@ -0,0 +1,28 @@
+
+public class Launcher {
+
+ public static void main(String[] args) throws Exception {
+ if (args.length != 2 || args[1].matches("-h|--help")) {
+ printUsageAndDie();
+ }
+ String app = args[0];
+ String hostname = args[1];
+ if ("client".equals(app)) {
+ MySaslClient client = new MySaslClient(hostname);
+ client.run();
+ } else if ("server".equals(app)) {
+ MySaslServer server = new MySaslServer(hostname);
+ server.run();
+ } else {
+ throw new IllegalArgumentException("main was called incorrectly");
+ }
+ }
+
+ private static void printUsageAndDie() {
+ System.out.println(
+ "Usage: ./run hostname \n\n" +
+ "Where 'hostname' is the hostname as it appears in the " +
+ "server's kerberos principal \n");
+ System.exit(0);
+ }
+}
diff -Naur --exclude=.svn java-sasl/src/MySaslClient.java java-sasl-samples/src/MySaslClient.java
--- java-sasl/src/MySaslClient.java 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/src/MySaslClient.java 2005-08-01 15:37:25.522729560 +0100
@@ -0,0 +1,90 @@
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.IOException;
+import java.net.Socket;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+import java.util.HashMap;
+import javax.security.auth.Subject;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+import javax.security.auth.login.LoginContext;
+
+public class MySaslClient {
+ private static final int PORT = 12345;
+ private static final String SERVICE_NAME = "rcmd";
+ private static final String MECH_NAME = "GSSAPI";
+ private static final String JAAS_NAME = "client_krb";
+ private static final byte SUCCESS = (byte) 'O';
+ private static final byte FAILURE = (byte) 'N';
+ private static final byte[] EMPTY = new byte[0];
+ private final String hostname;
+ private Socket socket;
+ private InputStream in;
+ private OutputStream out;
+ private Subject authSubj;
+
+ public MySaslClient(String hostname) throws Exception {
+ this.hostname = hostname;
+ socket = new Socket(hostname, PORT);
+ in = socket.getInputStream();
+ out = socket.getOutputStream();
+ LoginContext loginContext = new LoginContext(JAAS_NAME);
+ loginContext.login();
+ authSubj = loginContext.getSubject();
+ }
+
+ public void run() throws Exception {
+ Subject.doAs(authSubj, new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ SaslClient sasl = createSaslClient();
+ Helper.receive(in);
+ Helper.send("GSSAPI".getBytes(), out);
+ Helper.send("Y".getBytes(), out);
+ byte[] response = sasl.evaluateChallenge(EMPTY);
+ Helper.send(response, out);
+ while (!sasl.isComplete()) {
+ byte[] serverChallenge = Helper.receive(in);
+ response = sasl.evaluateChallenge(serverChallenge);
+ Helper.send(response, out);
+ }
+ checkAuthResult();
+ return null;
+ }
+ });
+ }
+
+ private void checkAuthResult() throws IOException {
+ char lastChar = (char) in.read();
+ if (lastChar == SUCCESS) {
+ System.out.println("SUCCEEDED");
+ } else if (lastChar == FAILURE) {
+ System.out.println("FAILED");
+ } else {
+ throw new RuntimeException("Unexpected last char: " + lastChar);
+ }
+ }
+
+ /* You can enable mutual authentication by uncommenting the
+ * line 'props.put(Sasl.SERVER_AUTH, "true");'. However, if you
+ * are going to do this you will encounter what appears to be a
+ * bug with Sun's logging of SASL activities. So, if you don't
+ * want to encounter a NullPointerException you will also need
+ * to remove the '-D...logging...' line from the run script.
+ * Typical, eh! The one setup we could really do with decent
+ * logging on.
+ */
+ private SaslClient createSaslClient() throws SaslException {
+ Map<String, Object> props = new HashMap<String, Object>();
+ // props.put(Sasl.SERVER_AUTH, "true");
+ return Sasl.createSaslClient(
+ new String[] { MECH_NAME },
+ null,
+ SERVICE_NAME,
+ hostname,
+ props,
+ null);
+ }
+}
diff -Naur --exclude=.svn java-sasl/src/MySaslServer.java java-sasl-samples/src/MySaslServer.java
--- java-sasl/src/MySaslServer.java 1970-01-01 01:00:00.000000000 +0100
+++ java-sasl-samples/src/MySaslServer.java 2005-07-28 00:28:41.000000000 +0100
@@ -0,0 +1,113 @@
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.IOException;
+import java.net.Socket;
+import java.net.ServerSocket;
+import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
+import javax.security.auth.Subject;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslServer;
+import javax.security.sasl.SaslException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+
+public class MySaslServer {
+ private static final int PORT = 12345;
+ private static final String SERVICE_NAME = "rcmd";
+ private static final String MECH_NAME = "GSSAPI";
+ private static final String JAAS_NAME = "server_krb";
+ private static final byte SUCCESS = (byte) 'O';
+ private final String hostname;
+ private ServerSocket serverSocket;
+ private Subject authSubj;
+
+ public MySaslServer(String hostname) throws Exception {
+ this.hostname = hostname;
+ serverSocket = new ServerSocket(PORT);
+ LoginContext loginContext = new LoginContext(
+ JAAS_NAME, new MyLoginCallbackHandler());
+ loginContext.login();
+ authSubj = loginContext.getSubject();
+ }
+
+ public void run() throws Exception {
+ while (true) {
+ Socket socket = serverSocket.accept();
+ final InputStream in = socket.getInputStream();
+ final OutputStream out = socket.getOutputStream();
+
+ Subject.doAs(authSubj, new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ SaslServer sasl = createSaslServer();
+ String s = "LOGIN CRAM-MD5 PLAIN GSSAPI " +
+ "ANONYMOUS DIGEST-MD5";
+ Helper.send(s.getBytes(), out);
+ Helper.receive(in);
+ Helper.receive(in);
+ while (!sasl.isComplete()) {
+ byte[] clientResponse = Helper.receive(in);
+ byte[] challenge = sasl.evaluateResponse(clientResponse);
+ if (challenge == null) {
+ out.write(SUCCESS);
+ System.out.println(
+ "Client Authenticated Successfully \n");
+ break;
+ }
+ Helper.serverSend(challenge, out);
+ }
+ return null;
+ }
+ });
+ }
+ }
+
+ private SaslServer createSaslServer() throws SaslException {
+ return Sasl.createSaslServer(
+ MECH_NAME,
+ SERVICE_NAME,
+ hostname,
+ new HashMap<String, Object>(), // gives better logs
+ new MySaslCallbackHandler());
+ }
+
+ private abstract class MyBaseCallbackHandler implements CallbackHandler {
+
+ protected abstract boolean handle(Callback callback);
+
+ public void handle(Callback[] callbacks) {
+ for (Callback cb : callbacks) {
+ if (!handle(cb)) {
+ throw new RuntimeException("Unexpected Callback: " +
+ cb.getClass().getName());
+ }
+ }
+ }
+ }
+
+ private class MyLoginCallbackHandler extends MyBaseCallbackHandler {
+ protected boolean handle(Callback callback) {
+ if (callback instanceof NameCallback) {
+ NameCallback ncb = (NameCallback) callback;
+ ncb.setName(SERVICE_NAME + "/" + hostname);
+ return true;
+ }
+ return false;
+ }
+ }
+
+ private class MySaslCallbackHandler extends MyBaseCallbackHandler {
+ protected boolean handle(Callback callback) {
+ if (callback instanceof AuthorizeCallback) {
+ AuthorizeCallback acb = (AuthorizeCallback) callback;
+ acb.setAuthorized(true);
+ return true;
+ }
+ return false;
+ }
+ }
+}

########
# LOGS #
########

Three Scenarios:
----------------
1) Java Client against Cyrus Server with mutual
   authentication enabled.
2) Java Client against Cyrus Server without mutual
   authentication enabled, but with verbose logging from
   java client.
3) Java Server against Cyrus Client followed by Java Server
   against Java Client. Server logs only.

Note: Since the cyrus client opts for mutual
authentication, we would ideally like to replace (1) &
(2) above with one scenario where there is both: mutual
authentication enabled; and verbose logging turned on in
java client. Unfortuanatly there appears to be a bug in
Sun's implementaion of their SASL logging which throws
a NullPointerException when we try to log with mutual
authentication turned on.

The relevant details for the logs that follow are:

    Domain = kayos,none
    User Principal =
    Server Principal = rcmd/

##############
# Scenraio 1:
##############
Description: Java Client against Cyrus Server - with mutual
authentication enabled.

===> CYRUS SERVER LOG <===
--------------------------
trying 10, 1, 6
trying 2, 1, 6
bind: Address already in use
accepted new connection
send: {46}
CRAM-MD5 PLAIN OTP GSSAPI ANONYMOUS DIGEST-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {471}
`[82][1][D3][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][C2]0[82][1][BE][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] [0][0][0][A3][81][FF]a[81][FC]0[81][F9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][0][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][BF]0[81][BC][A0][3][2][1][10][A1][3][2][1][3][A2][81][AF][4][81][AC][8]k[7][DE]O[[DD][AC]P[D3][A2][5][CB][F]$[F4]GfD{;RE[AF]jC[13][6]90[EF]Zf[98]pnU[BC][9A][16][17][B0]&[B1]gW[A5]L[C4]K[97][C2][EE][B6]V[A5]45[FC][3]m[DE]4[F6][D9]d[A8][D7]sU[EF][BD][BD][96][88][AC]'/[D5]i[E2][93]XZ[B6][BF]kC[ED][B0][EE]"[AA],[8][1E][DB]%[DC]D[B7]LE[F3][D8];<[BB]YF[A6]Y[84][BA]56[C9][97][F6]/[D][98]gSp[EF][FC][FC]u|[8C][8B]6[CF][B1][DD][D2][B][10]O[F4]t[D][CA] =[1C][CE][F6]a?)%[9F][1F][F1]z[EA][A2][90]X[F4]C[DF][EB][BA]6[D5][D6]U[9]|[A4][81][A6]0[81][A3][A0][3][2][1][1][A2][81][9B][4][81][98][CC][5][E6]A[82]N[EB]_[82]{[BE][12][E1]1[E][4][B0][A][FF][D3][4][E9][F][1][C][8][BC][1E][FA][8D]z[CA][15]#e[1A][F6]%[F1][BB][CE]!
 [FF][B9]:[FF][AC][C3][96][DC][D3][CD][85]g G[92];[EC]1[9C];[E7][BE][FE]H[F9]G[11][0][15][84][5][81][99]r[B3]{V[FE]lW[B1][D9][E5]P[CA][18][98][F6][FE]Qv[D2]D_v[BB][18]9[F3]_[AD]m[9F]{[EA][B0][B4][81]oc[CD][10][CB]t[10][EE]8[8F][BF][9][A9]t&[92][1D][BD][8D][FA][FD][DE][E9][FF]3{[93]iCd[8A]w[BB]~[7][B8][11][A3][DC]2[D6][F5]p
send: {114}
`p[6][9]*[86]H[86][F7][12][1][2][2][2][0]oa0_[A0][3][2][1][5][A1][3][2][1][F][A2]S0Q[A0][3][2][1][1][A2]J[4]Hv-9[17]SQ1s[A][2][BB]j[F5][D4][AA]R[17][EF].[B7]5[B4][8F]<[A7][90][FB]Xz[D1][E9][A6]C[D5]O[B3][1E]MVb[AB][A2][1E]4EA[F8][B0]B[95][94][A9]C[1C]3h[CA][FC][DD][0]u[DC]5[CC][EC][B6][E9][82][CD][9A][E2][AE]
recv: {0}

send: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][0][0][FF][FF][FF][FF]v[4][A6][E6]g.[8D][F9][9E]:N[D6][AD]^x[EC][B6][8C]czN[CD][D6][C8][1][0][0][0][4][4][4][4]
recv: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF]9`[8E][15][B9]'[E][95]k[EF][A6][FE][E6][EB][BD][8E]e[1]5[F3][8E][AE]`[EB][1][1][0][0][4][4][4][4]
performing SASL negotiation: generic failureclosing connection

===> JAVA CLIENT LOG <===
-------------------------
recv: {46}
CRAM-MD5 PLAIN OTP GSSAPI ANONYMOUS DIGEST-MD5
send: {6}
GSSAPI
send: {1}
Y
send: {471}
`[82][1][D3][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][C2]0[82][1][BE][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] [0][0][0][A3][81][FF]a[81][FC]0[81][F9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][0][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][BF]0[81][BC][A0][3][2][1][10][A1][3][2][1][3][A2][81][AF][4][81][AC][8]k[7][DE]O[[DD][AC]P[D3][A2][5][CB][F]$[F4]GfD{;RE[AF]jC[13][6]90[EF]Zf[98]pnU[BC][9A][16][17][B0]&[B1]gW[A5]L[C4]K[97][C2][EE][B6]V[A5]45[FC][3]m[DE]4[F6][D9]d[A8][D7]sU[EF][BD][BD][96][88][AC]'/[D5]i[E2][93]XZ[B6][BF]kC[ED][B0][EE]"[AA],[8][1E][DB]%[DC]D[B7]LE[F3][D8];<[BB]YF[A6]Y[84][BA]56[C9][97][F6]/[D][98]gSp[EF][FC][FC]u|[8C][8B]6[CF][B1][DD][D2][B][10]O[F4]t[D][CA] =[1C][CE][F6]a?)%[9F][1F][F1]z[EA][A2][90]X[F4]C[DF][EB][BA]6[D5][D6]U[9]|[A4][81][A6]0[81][A3][A0][3][2][1][1][A2][81][9B][4][81][98][CC][5][E6]A[82]N[EB]_[82]{[BE][12][E1]1[E][4][B0][A][FF][D3][4][E9][F][1][C][8][BC][1E][FA][8D]z[CA][15]#e[1A][F6]%[F1][BB][CE]!
 [FF][B9]:[FF][AC][C3][96][DC][D3][CD][85]g G[92];[EC]1[9C];[E7][BE][FE]H[F9]G[11][0][15][84][5][81][99]r[B3]{V[FE]lW[B1][D9][E5]P[CA][18][98][F6][FE]Qv[D2]D_v[BB][18]9[F3]_[AD]m[9F]{[EA][B0][B4][81]oc[CD][10][CB]t[10][EE]8[8F][BF][9][A9]t&[92][1D][BD][8D][FA][FD][DE][E9][FF]3{[93]iCd[8A]w[BB]~[7][B8][11][A3][DC]2[D6][F5]p
recv: {114}
`p[6][9]*[86]H[86][F7][12][1][2][2][2][0]oa0_[A0][3][2][1][5][A1][3][2][1][F][A2]S0Q[A0][3][2][1][1][A2]J[4]Hv-9[17]SQ1s[A][2][BB]j[F5][D4][AA]R[17][EF].[B7]5[B4][8F]<[A7][90][FB]Xz[D1][E9][A6]C[D5]O[B3][1E]MVb[AB][A2][1E]4EA[F8][B0]B[95][94][A9]C[1C]3h[CA][FC][DD][0]u[DC]5[CC][EC][B6][E9][82][CD][9A][E2][AE]
send: {0}

recv: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][0][0][FF][FF][FF][FF]v[4][A6][E6]g.[8D][F9][9E]:N[D6][AD]^x[EC][B6][8C]czN[CD][D6][C8][1][0][0][0][4][4][4][4]
send: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF]9`[8E][15][B9]'[E][95]k[EF][A6][FE][E6][EB][BD][8E]e[1]5[F3][8E][AE]`[EB][1][1][0][0][4][4][4][4]
FAILED

##############
# Scenraio 2:
##############
Description: Java Client against Cyrus Server - without
mutual authentication enabled, and with verbose logging
turned on in java client.

===> CYRUS SERVER LOG <===
--------------------------
trying 10, 1, 6
trying 2, 1, 6
bind: Address already in use
accepted new connection
send: {46}
CRAM-MD5 PLAIN OTP GSSAPI ANONYMOUS DIGEST-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {471}
`[82][1][D3][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][C2]0[82][1][BE][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0][0][0][0][0][A3][81][FF]a[81][FC]0[81][F9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][0][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][BF]0[81][BC][A0][3][2][1][10][A1][3][2][1][3][A2][81][AF][4][81][AC]`Z[AA][DB][D4][F7]I![C1][92][A1]8E[9A]:[8E][CE][B][18]=[C][1C])[FF][8V[91][B6]2[A5]PI|[87][E][A3][C9][0]|O[DA]([D0]O[2][AB]W[DF][DB]'F[E3][86][9E][C9][D1][2][C5]L[92]s[C2][10]DP[BE]#"_[CF][D8][E9]a[F][BD][A6][9][9D]4[CD]'[EB][A0]OV@[90][A0]/[7]8S[82]m[8C]([D8][FC]P[E][EA][BB]`[EB][B0]H[19]Ki[8][BE][CC][CC]O|Z[2]Z[D0]Wd[1B][E4]B-E|[8B][91][8][A4][85][7][AD][16]:\DJ[1C][9E]B[18][81][E5][8D][13][B2][6][F1][DC]f[[A4]1[6][B0][E7][18][1E]"[2][9F]4[EC][90][0][EB][91][91]u[A4][81][A6]0[81][A3][A0][3][2][1][1][A2][81][9B][4][81][98][D5][D][8[88][97][8D][FF][7][B][C6][12]s[AC][AE][A3][A7]2[A][A6]n4[9A]C[F5][F][19][F][B7][EB][D6][CD][95]_[89!
 ]W[DB][CE][A4]k[CB]w[D9][3][EA]&[B0][ED][8A][DD][A4][FC]x[B3][CE]'[8B][F5][D]V}[10][4][DC][C]dF[D1][9A]EU[E2]S[89]&[10][B2]HQ[CA][7]N[B2][E2][E]>[D1][EB],mE[8C][8][1E][90][9C]j[97][AE][91][A8][1F]K[1B][D][A0][E9][92]tr"[B4]9[B9]W[EE][F][C6][1A][5][94][B2][AD]<4[9]Oz[4][D0]B[BB][DE][BF]l'[9A]p[B]sy[FD]K0[9][FA][84]D[91]|[C0][C]
send: {0}

recv: {0}

send: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][0][0][FF][FF][FF][FF][B2][0][[9][A1][8A]N[A1][1A][DF][9E][95][11]N[FD],?[95][B3][C2]y[95]jk[1][0][0][0][4][4][4][4]
recv: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF][9F][B1]F[9B]`[7][D3][E2][EB][F6][DB][18][9C]5?[8]2V[86]w|Il[FD][1][1][0][0][4][4][4][4]
performing SASL negotiation: generic failureclosing connection

===> JAVA CLIENT LOG <===
-------------------------
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client constructor
FINE: SASLIMPL01:Preferred qop property: null
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client constructor
FINE: SASLIMPL02:Preferred qop mask: 1
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client constructor
FINE: SASLIMPL03:Preferred qops : 1
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client constructor
FINE: SASLIMPL04:Preferred strength property: null
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client constructor
FINE: SASLIMPL05:Cipher strengths: 4 2 1
Aug 1, 2005 12:25:44 PM com.sun.security.sasl.gsskerb.GssKrb5Client <init>
FINE: KRB5CLNT01:Requesting service name:
recv: {46}
CRAM-MD5 PLAIN OTP GSSAPI ANONYMOUS DIGEST-MD5
send: {6}
GSSAPI
send: {1}
Y
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client evaluteChallenge
FINEST: KRB5CLNT02:Challenge: [raw] ( 0 ):
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client evaluateChallenge
FINEST: KRB5CLNT03:Response: [after initSecCtx] ( 471 ): 0000: 60 82 01 D3 06 09 2A 86 48 86 F7 12 01 02 02 01 `.....*.H.......
0010: 00 6E 82 01 C2 30 82 01 BE A0 03 02 01 05 A1 03 .n...0..........
0020: 02 01 0E A2 07 03 05 00 00 00 00 00 A3 81 FF 61 ...............a
0030: 81 FC 30 81 F9 A0 03 02 01 05 A1 0C 1B 0A 4B 41 ..0...........KA
0040: 59 4F 53 2E 4E 4F 4E 45 A2 22 30 20 A0 03 02 01 YOS.NONE."0 ....
0050: 00 A1 19 30 17 1B 04 72 63 6D 64 1B 0F 6A 75 64 ...0...rcmd..jud
0060: 64 2E 6B 61 79 6F 73 2E 6E 6F 6E 65 A3 81 BF 30 d.kayos.none...0
0070: 81 BC A0 03 02 01 10 A1 03 02 01 03 A2 81 AF 04 ................
0080: 81 AC 60 5A AA DB D4 F7 49 21 C1 92 A1 38 45 9A ..`Z....I!...8E.
0090: 3A 8E CE 0B 18 3D 0C 1C 29 FF 5B 38 56 91 B6 32 :....=..).[8V..2
00A0: A5 50 49 7C 87 0E A3 C9 00 7C 4F DA 28 D0 4F 02 .PI.......O.(.O.
00B0: AB 57 DF DB 27 46 E3 86 9E C9 D1 02 C5 4C 92 73 .W..'F.......L.s
00C0: C2 10 44 50 BE 23 22 5F CF D8 E9 61 0F BD A6 09 ..DP.#"_...a....
00D0: 9D 34 CD 27 EB A0 4F 56 40 90 A0 2F 07 38 53 82 .4.' dot dot OV at dot dot /.8S.
00E0: 6D 8C 28 D8 FC 50 0E EA BB 60 EB B0 48 19 4B 69 m.(..P...`..H.Ki
00F0: 08 BE CC CC 4F 7C 5A 02 5A D0 57 64 1B E4 42 2D ....O.Z.Z.Wd..B-
0100: 45 7C 8B 91 08 A4 85 07 AD 16 3A 5C 44 4A 1C 9E E.........:\DJ..
0110: 42 18 81 E5 8D 13 B2 06 F1 DC 66 5B A4 31 06 B0 B.........f[.1..
0120: E7 18 1E 22 02 9F 34 EC 90 00 EB 91 91 75 A4 81 ..."..4......u..
0130: A6 30 81 A3 A0 03 02 01 01 A2 81 9B 04 81 98 D5 .0..............
0140: 0D 5B 38 88 97 8D FF 07 0B C6 12 73 AC AE A3 A7 .[8........s....
0150: 32 0A A6 6E 34 9A 43 F5 0F 19 0F B7 EB D6 CD 95 2..n4.C.........
0160: 5F 89 57 DB CE A4 6B CB 77 D9 03 EA 26 B0 ED 8A _.W...k.w...&...
0170: DD A4 FC 78 B3 CE 27 8B F5 0D 56 7D 10 04 DC 0C ...x..'...V.....
0180: 64 46 D1 9A 45 55 E2 53 89 26 10 B2 48 51 CA 07 dF..EU.S.&..HQ..
0190: 4E B2 E2 0E 3E D1 EB 2C 6D 45 8C 08 1E 90 9C 6A N...>..,mE.....j
01A0: 97 AE 91 A8 1F 4B 1B 0D A0 E9 92 74 72 22 B4 39 .....K.....tr".9
01B0: B9 57 EE 0F C6 1A 05 94 B2 AD 3C 34 09 4F 7A 04 .W........<4.Oz.
01C0: D0 42 BB DE BF 6C 27 9A 70 0B 73 79 FD 4B 30 09 .B...l'.p.sy.K0.
01D0: FA 84 44 91 7C C0 0C ..D....

send: {471}
`[82][1][D3][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][C2]0[82][1][BE][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0][0][0][0][0][A3][81][FF]a[81][FC]0[81][F9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][0][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][BF]0[81][BC][A0][3][2][1][10][A1][3][2][1][3][A2][81][AF][4][81][AC]`Z[AA][DB][D4][F7]I![C1][92][A1]8E[9A]:[8E][CE][B][18]=[C][1C])[FF][8V[91][B6]2[A5]PI|[87][E][A3][C9][0]|O[DA]([D0]O[2][AB]W[DF][DB]'F[E3][86][9E][C9][D1][2][C5]L[92]s[C2][10]DP[BE]#"_[CF][D8][E9]a[F][BD][A6][9][9D]4[CD]'[EB][A0]OV@[90][A0]/[7]8S[82]m[8C]([D8][FC]P[E][EA][BB]`[EB][B0]H[19]Ki[8][BE][CC][CC]O|Z[2]Z[D0]Wd[1B][E4]B-E|[8B][91][8][A4][85][7][AD][16]:\DJ[1C][9E]B[18][81][E5][8D][13][B2][6][F1][DC]f[[A4]1[6][B0][E7][18][1E]"[2][9F]4[EC][90][0][EB][91][91]u[A4][81][A6]0[81][A3][A0][3][2][1][1][A2][81][9B][4][81][98][D5][D][8[88][97][8D][FF][7][B][C6][12]s[AC][AE][A3][A7]2[A][A6]n4[9A]C[F5][F][19][F][B7][EB][D6][CD][95]_[89!
 ]W[DB][CE][A4]k[CB]w[D9][3][EA]&[B0][ED][8A][DD][A4][FC]x[B3][CE]'[8B][F5][D]V}[10][4][DC][C]dF[D1][9A]EU[E2]S[89]&[10][B2]HQ[CA][7]N[B2][E2][E]>[D1][EB],mE[8C][8][1E][90][9C]j[97][AE][91][A8][1F]K[1B][D][A0][E9][92]tr"[B4]9[B9]W[EE][F][C6][1A][5][94][B2][AD]<4[9]Oz[4][D0]B[BB][DE][BF]l'[9A]p[B]sy[FD]K0[9][FA][84]D[91]|[C0][C]
recv: {0}

Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINEST: KRB5CLNT04:Challenge [raw]: ( 0 ):
send: {0}

recv: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][0][0][FF][FF][FF][FF][B2][0][[9][A1][8A]N[A1][1A][DF][9E][95][11]N[FD],?[95][B3][C2]y[95]jk[1][0][0][0][4][4][4][4]
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINEST: KRB5CLNT04:Challenge [raw]: ( 53 ): 0000: 60 33 06 09 2A 86 48 86 F7 12 01 02 02 02 01 00 `3..*.H.........
0010: 00 FF FF FF FF B2 00 5B 09 A1 8A 4E A1 1A DF 9E .......[...N....
0020: 95 11 4E FD 2C 3F 95 B3 C2 79 95 6A 6B 01 00 00 ..N.,?...y.jk...
0030: 00 04 04 04 04 .....

Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINEST: KRB5CLNT05:Challenge [unwrapped]: ( 4 ): 0000: 01 00 00 00 ....

Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINE: KRB5CLNT06:Server protections: 1
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINE: KRB5CLNT07:Client max recv size: 65,536; server max recv size: 0; rawSendSize: -57
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINE: KRB5CLNT08:Selected protection: 1; privacy: false; integrity: false
Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINEST: KRB5CLNT10:Response [raw] ( 4 ): 0000: 01 01 00 00 ....

Aug 1, 2005 12:25:45 PM com.sun.security.sasl.gsskerb.GssKrb5Client doFinalHandshake
FINEST: KRB5CLNT11:Response [after wrap] ( 53 ): 0000: 60 33 06 09 2A 86 48 86 F7 12 01 02 02 02 01 02 `3..*.H.........
0010: 00 FF FF FF FF 9F B1 46 9B 60 07 D3 E2 EB F6 DB .......F.`......
0020: 18 9C 35 3F 08 32 56 86 77 7C 49 6C FD 01 01 00 ..5?.2V.w.Il....
0030: 00 04 04 04 04 .....

send: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF][9F][B1]F[9B]`[7][D3][E2][EB][F6][DB][18][9C]5?[8]2V[86]w|Il[FD][1][1][0][0][4][4][4][4]
FAILED

##############
# Scenraio 3:
##############
Description: Cyrus Client against Java Server (server
logs only) followed by Java Client against Java Server
(server logs only).

===> CYRUS CLIENT & JAVA SERVER (server logs) <===
--------------------------------------------------
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL01:Preferred qop property: null
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL02:Preferred qop mask: 1
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL03:Preferred qops : 1
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL04:Preferred strength property: null
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL05:Cipher strengths: 4 2 1
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server <init>
FINE: KRB5SRV01:Using service name:
Aug 1, 2005 12:58:44 PM com.sun.security.sasl.gsskerb.GssKrb5Server <init>
FINE: KRB5SRV02:Initialization complete
send: {48}
LOGIN CRAM-MD5 PLAIN GSSAPI ANONYMOUS DIGEST-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {471}
`[82][1][D3][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][C2]0[82][1][BE][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] [0][0][0][A3][81][FF]a[81][FC]0[81][F9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][0][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][BF]0[81][BC][A0][3][2][1][10][A1][3][2][1][3][A2][81][AF][4][81][AC][E6][91][C3][D1],(-T`[B0][ED])[89]_EZF[DC]H[D][EC][3]ah[A1][98][EE][9F].rs[E3][96][D6][88]z[BE][9][A9]{[17][94][11][D0][B]u[E4][,[9D]^-"[F4][0][F4][F5]N[F3][E8][D2][B6]U[1B][EC][19]!D[B2][D6][6][E7][F6][D4]}[ED][81]<[CE]e[D4]~[88][E3][AD]a[E5][D9]F[18]i[V.x[8D][D][E3]ri[98][D5][9F]?[8][A9][6]92t[1E][9F]6*j[AD][6][D5][BC][A6][FD][BC][16][E0][1B][10]eV{[0][90][1D][EB]d*S[BC][13][D5][D8][E2][F5][98]]B[A7]E[1B][C4]&[B0]l[CB]*hH>f[E8][6]yM[F7][CB][B4][F6][D9][BA][99][12][8C],[A4][81][A6]0[81][A3][A0][3][2][1][1][A2][81][9B][4][81][98][BA][A4][13];[B7][94][F8]m[E5]?[E9][D5]tX[8B]u[95][15][FA][BD][FD][C9][1]7[A7][E3][C3][A2][E4][E8].[B3]Z[!
 5]C[CC]X[81][D6][B9]V[83][8]\[94][16][E0][F4][90][D2]2\[FD])[16][9C]VG[EE]Cz[1C]{z[[CF][A2][E1]:x_[D8]}[1C]o[A0]"[C3]V [BF][AD][99][AC]%e"[A4][12]8[E][A2]|b[8A][B8][8B][D0][C4]{[DC]kw[17]i[1C][9C]@[BF][9][B3]y[D4][C3][FE][EE]~)[9F]E[1C][C3]"[EA][B0]%/[8D]J[A8]l[AF][F3][5][E8]+N[8B]oH[1F],z[C4]#?0[EF][1]<[1]D
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 471 ): 0000: 60 82 01 D3 06 09 2A 86 48 86 F7 12 01 02 02 01 `.....*.H.......
0010: 00 6E 82 01 C2 30 82 01 BE A0 03 02 01 05 A1 03 .n...0..........
0020: 02 01 0E A2 07 03 05 00 20 00 00 00 A3 81 FF 61 ........ ......a
0030: 81 FC 30 81 F9 A0 03 02 01 05 A1 0C 1B 0A 4B 41 ..0...........KA
0040: 59 4F 53 2E 4E 4F 4E 45 A2 22 30 20 A0 03 02 01 YOS.NONE."0 ....
0050: 00 A1 19 30 17 1B 04 72 63 6D 64 1B 0F 6A 75 64 ...0...rcmd..jud
0060: 64 2E 6B 61 79 6F 73 2E 6E 6F 6E 65 A3 81 BF 30 d.kayos.none...0
0070: 81 BC A0 03 02 01 10 A1 03 02 01 03 A2 81 AF 04 ................
0080: 81 AC E6 91 C3 D1 2C 28 2D 54 60 B0 ED 29 89 5F ......,(-T`..)._
0090: 45 5A 46 DC 48 0D EC 03 61 68 A1 98 EE 9F 2E 72 EZF.H...ah.....r
00A0: 73 E3 96 D6 88 7A BE 09 A9 7B 17 94 11 D0 0B 75 s....z.........u
00B0: E4 5B 2C 9D 5E 2D 22 F4 00 F4 F5 4E F3 E8 D2 B6 .[,.^-"....N....
00C0: 55 1B EC 19 21 44 B2 D6 06 E7 F6 D4 7D ED 81 3C U...!D.........<
00D0: CE 65 D4 7E 88 E3 AD 61 E5 D9 46 18 69 5B 56 2E .e.....a..F.i[V.
00E0: 78 8D 0D E3 72 69 98 D5 9F 3F 08 A9 06 39 32 74 x...ri...?...92t
00F0: 1E 9F 36 2A 6A AD 06 D5 BC A6 FD BC 16 E0 1B 10 ..6*j...........
0100: 65 56 7B 00 90 1D EB 64 2A 53 BC 13 D5 D8 E2 F5 eV.....d*S......
0110: 98 5D 42 A7 45 1B C4 26 B0 6C CB 2A 68 48 3E 66 .]B.E..&.l.*hH>f
0120: E8 06 79 4D F7 CB B4 F6 D9 BA 99 12 8C 2C A4 81 ..yM.........,..
0130: A6 30 81 A3 A0 03 02 01 01 A2 81 9B 04 81 98 BA .0..............
0140: A4 13 3B B7 94 F8 6D E5 3F E9 D5 74 58 8B 75 95 ..;...m.?..tX.u.
0150: 15 FA BD FD C9 01 37 A7 E3 C3 A2 E4 E8 2E B3 5A ......7........Z
0160: 05 43 CC 58 81 D6 B9 56 83 08 5C 94 16 E0 F4 90 .C.X...V..\.....
0170: D2 32 5C FD 29 16 9C 56 47 EE 43 7A 1C 7B 7A 5B .2\.)..VG.Cz..z[
0180: CF A2 E1 3A 78 5F D8 7D 1C 6F A0 22 C3 56 20 BF ...:x_...o.".V .
0190: AD 99 AC 25 65 22 A4 12 38 0E A2 7C 62 8A B8 8B ...%e"..8...b...
01A0: D0 C4 7B DC 6B 77 17 69 1C 9C 40 BF 09 B3 79 D4 dot dot dot dot kw dot i dot dot at dot dot dot y dot
01B0: C3 FE EE 7E 29 9F 45 1C C3 22 EA B0 25 2F 8D 4A ....).E.."..%/.J
01C0: A8 6C AF F3 05 E8 2B 4E 8B 6F 48 1F 2C 7A C4 23 .l....+N.oH.,z.#
01D0: 3F 30 EF 01 3C 01 44 ?0..<.D

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV04:Challenge: [after acceptSecCtx] ( 98 ): 0000: 60 60 06 09 2A 86 48 86 F7 12 01 02 02 02 00 6F ``..*.H........o
0010: 51 30 4F A0 03 02 01 05 A1 03 02 01 0F A2 43 30 Q0O...........C0
0020: 41 A0 03 02 01 01 A2 3A 04 38 37 AC FD 76 44 2F A......:.87..vD/
0030: 95 20 06 88 55 CE B7 59 92 D2 F6 62 A4 D3 F9 AF . ..U..Y...b....
0040: EA E3 1A D9 E5 E1 7E 88 22 DD 66 1E A3 04 B4 79 ........".f....y
0050: 5B 07 7A 9E DF 2E F1 D6 BA C1 36 08 AF 1D 4A 66 [.z.......6...Jf
0060: E2 26 .&

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINE: KRB5SRV05:Peer name is :
send: C{98}
``[6][9]*[86]H[86][F7][12][1][2][2][2][0]oQ0O[A0][3][2][1][5][A1][3][2][1][F][A2]C0A[A0][3][2][1][1][A2]:[4]87[AC][FD]vD/[95] [6][88]U[CE][B7]Y[92][D2][F6]b[A4][D3][F9][AF][EA][E3][1A][D9][E5][E1]~[88]"[DD]f[1E][A3][4][B4]y[[7]z[9E][DF].[F1][D6][BA][C1]6[8][AF][1D]Jf[E2]&
recv: {0}

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 0 ):
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINE: KRB5SRV06:Supported protections: 1; recv max buf size: 65,536
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINEST: KRB5SRV07:Challenge [raw] ( 4 ): 0000: 01 01 00 00 ....

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINEST: KRB5SRV08:Challenge [after wrap] ( 53 ): 0000: 60 33 06 09 2A 86 48 86 F7 12 01 02 02 02 01 02 `3..*.H.........
0010: 00 FF FF FF FF F3 35 12 A9 57 98 7D 42 58 AD FF ......5..W..BX..
0020: 89 ED B7 A2 8B 0D A3 C4 BA F5 75 18 B7 01 01 00 ..........u.....
0030: 00 04 04 04 04 .....

send: C{53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF][F3]5[12][A9]W[98]}BX[AD][FF][89][ED][B7][A2][8B][D][A3][C4][BA][F5]u[18][B7][1][1][0][0][4][4][4][4]
recv: {53}
`3[6][9]*[86]H[86][F7][12][1][2][2][2][1][2][0][FF][FF][FF][FF]9[10][FC]>[6]h[3]G>[F5][CC][AD]Y[AD][C5]H[FB]Y[C5][98][18][98]9e[1][1][0][0][4][4][4][4]
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 53 ): 0000: 60 33 06 09 2A 86 48 86 F7 12 01 02 02 02 01 02 `3..*.H.........
0010: 00 FF FF FF FF 39 10 FC 3E 06 68 03 47 3E F5 CC .....9..>.h.G>..
0020: AD 59 AD C5 48 FB 59 C5 98 18 98 39 65 01 01 00 .Y..H.Y....9e...
0030: 00 04 04 04 04 .....

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINEST: KRB5SRV09:Response [after unwrap] ( 4 ): 0000: 01 01 00 00 ....

Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV10:Selected protection: 1; privacy: false; integrity: false
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV11:Client max recv size: 65,536; server max send size: 65,536; rawSendSize: 65,479
Aug 1, 2005 12:58:46 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV12:Authzid:
Client Authenticated Successfully

===> JAVA CLIENT & JAVA SERVER (server logs) <===
-------------------------------------------------
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL01:Preferred qop property: null
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL02:Preferred qop mask: 1
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL03:Preferred qops : 1
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL04:Preferred strength property: null
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server constructor
FINE: SASLIMPL05:Cipher strengths: 4 2 1
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server <init>
FINE: KRB5SRV01:Using service name:
Aug 1, 2005 12:58:23 PM com.sun.security.sasl.gsskerb.GssKrb5Server <init>
FINE: KRB5SRV02:Initialization complete
send: {48}
LOGIN CRAM-MD5 PLAIN GSSAPI ANONYMOUS DIGEST-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {526}
`[82][2][A][6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][1][F9]0[82][1][F5][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] [0][0][0][A3][82][1][11]a[82][1][D]0[82][1][9][A0][3][2][1][5][A1][C][1B][A]KAYOS.NONE[A2]"0 [A0][3][2][1][3][A1][19]0[17][1B][4]rcmd[1B][F]judd.kayos.none[A3][81][CF]0[81][CC][A0][3][2][1][10][A1][3][2][1][3][A2][81][BF][4][81][BC][14]Bo[E0][F3][BA][C5]t[99]![85][CE]E[9C][CA][EA]4[B][B2]C[A8][D8][B5]p[8][6][F5]?[86][C][1C][CD][83]b8[D0][14][A8]iS^[A2]5[FA][BD]d[9F][1A][11][E3]8o[A4][9C][C8]v$[90]/[C1]W[9A]S![B5]F[B3][F7][B5][D3]G[83][A][B2][98][[B1][B3]yfy[10]6[9A][E2]>2[C8]t[C7][93][1][1A][82]&[C]d[C9][D6][D8][9][9F]p[1D]s[AF][18][F3][CB][[8B][EA][B7]k[9][15]+[CE][D][D0]`[CF]"[FA][7F][BA][E5][E7]$Ex[97][19][9A][9]!c5_1[F0][BC][C9][B7][A5][F2]r[o[BF]o[B5][86][84][AD][8B][A0];[87][5][EE][CB][9B][DE][8B]8aJ[92][8]Z1[DC][D4]p[C3][1D]6[1A]I[90]C[8C][AA][A4]T[15]D[A4][81][CA]0[81][C7][A0][3][2][1][10][A2][81][BF][4][81][BC][A1][83]D[19][8F])[DA]>[F8][A6][EC]!
 [CB][19][DE][D4][DE][CC][FD][D7][8F];[A6][9D][F0][7F][87][E0][AD][DE]3[F6][D8][8A]"[AA][1C][DF][F6][FE]6C+[FE][89][9F][84][D5][C6][9F]X[D7]Nc[F6]$[A4][FD]G[CE]n[94]![F1]2[99][D3][FB]([EA][7F]^7F[A5]Z[BB][DA]%uG[C9][C5][A4][11][1][85][A1][C7]![AB][B2]a[9B][CE][CC](][E6] [1E][F6]V[8][E6]+[EC][A3][C4][EA]>9I[A4]D[D0]Y[8]{[BF]Y[90]J[FA]m[1][9D]"m[D2][AF][2][AD][B6][6]|[1A]y[5]"[87][DD]($[E1]r[BF][FE]S[15]E;[A2][93][9A]<[B5]][B9][7][A6]g[FC][DD][A2]5[FD][8A][A1]:J[90][FF]+[82]e[C0][A2][4][85][EF][3][A3][D1][7][C5]u[B5];
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 526 ): 0000: 60 82 02 0A 06 09 2A 86 48 86 F7 12 01 02 02 01 `.....*.H.......
0010: 00 6E 82 01 F9 30 82 01 F5 A0 03 02 01 05 A1 03 .n...0..........
0020: 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 01 11 ........ .......
0030: 61 82 01 0D 30 82 01 09 A0 03 02 01 05 A1 0C 1B a...0...........
0040: 0A 4B 41 59 4F 53 2E 4E 4F 4E 45 A2 22 30 20 A0 .KAYOS.NONE."0 .
0050: 03 02 01 03 A1 19 30 17 1B 04 72 63 6D 64 1B 0F ......0...rcmd..
0060: 6A 75 64 64 2E 6B 61 79 6F 73 2E 6E 6F 6E 65 A3 judd.kayos.none.
0070: 81 CF 30 81 CC A0 03 02 01 10 A1 03 02 01 03 A2 ..0.............
0080: 81 BF 04 81 BC 14 42 6F E0 F3 BA C5 74 99 21 85 ......Bo....t.!.
0090: CE 45 9C CA EA 34 0B B2 43 A8 D8 B5 70 08 06 F5 .E...4..C...p...
00A0: 3F 86 0C 1C CD 83 62 38 D0 14 A8 69 53 5E A2 35 ?.....b8...iS^.5
00B0: FA BD 64 9F 1A 11 E3 38 6F A4 9C C8 76 24 90 2F ..d....8o...v$./
00C0: C1 57 9A 53 21 B5 46 B3 F7 B5 D3 47 83 0A B2 98 .W.S!.F....G....
00D0: 5B B1 B3 79 66 79 10 36 9A E2 3E 32 C8 74 C7 93 [..yfy.6..>2.t..
00E0: 01 1A 82 26 0C 64 C9 D6 D8 09 9F 70 1D 73 AF 18 ...&.d.....p.s..
00F0: F3 CB 5B 8B EA B7 6B 09 15 2B CE 0D D0 60 CF 22 ..[...k..+...`."
0100: FA 7F BA E5 E7 24 45 78 97 19 9A 09 21 63 35 5F .....$Ex....!c5_
0110: 31 F0 BC C9 B7 A5 F2 72 5B 6F BF 6F B5 86 84 AD 1......r[o.o....
0120: 8B A0 3B 87 05 EE CB 9B DE 8B 38 61 4A 92 08 5A ..;.......8aJ..Z
0130: 31 DC D4 70 C3 1D 36 1A 49 90 43 8C AA A4 54 15 1..p..6.I.C...T.
0140: 44 A4 81 CA 30 81 C7 A0 03 02 01 10 A2 81 BF 04 D...0...........
0150: 81 BC A1 83 44 19 8F 29 DA 3E F8 A6 EC CB 19 DE ....D..).>......
0160: D4 DE CC FD D7 8F 3B A6 9D F0 7F 87 E0 AD DE 33 ......;........3
0170: F6 D8 8A 22 AA 1C DF F6 FE 36 43 2B FE 89 9F 84 ...".....6C+....
0180: D5 C6 9F 58 D7 4E 63 F6 24 A4 FD 47 CE 6E 94 21 ...X.Nc.$..G.n.!
0190: F1 32 99 D3 FB 28 EA 7F 5E 37 46 A5 5A BB DA 25 .2...(..^7F.Z..%
01A0: 75 47 C9 C5 A4 11 01 85 A1 C7 21 AB B2 61 9B CE uG........!..a..
01B0: CC 28 5D E6 20 1E F6 56 08 E6 2B EC A3 C4 EA 3E .(]. ..V..+....>
01C0: 39 49 A4 44 D0 59 08 7B BF 59 90 4A FA 6D 01 9D 9I.D.Y...Y.J.m..
01D0: 22 6D D2 AF 02 AD B6 06 7C 1A 79 05 22 87 DD 28 "m........y."..(
01E0: 24 E1 72 BF FE 53 15 45 3B A2 93 9A 3C B5 5D B9 $.r..S.E;...<.].
01F0: 07 A6 67 FC DD A2 35 FD 8A A1 3A 4A 90 FF 2B 82 ..g...5...:J..+.
0200: 65 C0 A2 04 85 EF 03 A3 D1 07 C5 75 B5 3B e..........u.;

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV04:Challenge: [after acceptSecCtx] ( 110 ): 0000: 60 6C 06 09 2A 86 48 86 F7 12 01 02 02 02 00 6F `l..*.H........o
0010: 5D 30 5B A0 03 02 01 05 A1 03 02 01 0F A2 4F 30 ]0[...........O0
0020: 4D A0 03 02 01 10 A2 46 04 44 45 18 43 9F B1 82 M......F.DE.C...
0030: CA 71 23 17 4C 2C E6 1A DC DD 8F 03 E9 6A 10 17 .q#.L,.......j..
0040: 94 FE 15 EB 58 A1 79 7B 84 2C 64 59 3E 7E 5D 00 ....X.y..,dY>.].
0050: 26 71 42 E7 96 03 88 08 8E 35 7A 8E 3A A7 17 59 &qB......5z.:..Y
0060: D9 C1 21 FA 9B AB 16 48 8B 9D 1B 34 25 6E ..!....H...4%n

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINE: KRB5SRV05:Peer name is :
send: C{110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[18]C[9F][B1][82][CA]q#[17]L,[E6][1A][DC][DD][8F][3][E9]j[10][17][94][FE][15][EB]X[A1]y{[84],dY>~][0]&qB[E7][96][3][88][8][8E]5z[8E]:[A7][17]Y[D9][C1]![FA][9B][AB][16]H[8B][9D][1B]4%n
recv: {0}

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 0 ):
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINE: KRB5SRV06:Supported protections: 1; recv max buf size: 65,536
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINEST: KRB5SRV07:Challenge [raw] ( 4 ): 0000: 01 01 00 00 ....

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake1
FINEST: KRB5SRV08:Challenge [after wrap] ( 65 ): 0000: 60 3F 06 09 2A 86 48 86 F7 12 01 02 02 02 01 04 `?..*.H.........
0010: 00 FF FF FF FF 2A 27 70 5E B1 FE 3E 08 17 20 5E .....*'p^..>.. ^
0020: 7C DF A0 B6 36 2C 44 D8 B3 23 8A 3A 3D AD 1B 72 ....6,D..#.:=..r
0030: 99 38 D4 C3 8A 36 6C 4C 39 01 01 00 00 04 04 04 .8...6lL9.......
0040: 04 .

send: C{65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF]*'p^[B1][FE]>[8][17] ^|[DF][A0][B6]6,D[D8][B3]#[8A]:=[AD][1B]r[99]8[D4][C3][8A]6lL9[1][1][0][0][4][4][4][4]
recv: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][96][BF][C8]>F[86][D2][C9][E2][C8][85][87]5[83][F8]\|o[C7][C0][DA]k[A3][89][D0][14]*[A5]A[D3][DB]I[95][C8][D6][0][1][0][0][0][4][4][4][4]
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server evaluateResponse
FINEST: KRB5SRV03:Response [raw]: ( 65 ): 0000: 60 3F 06 09 2A 86 48 86 F7 12 01 02 02 02 01 04 `?..*.H.........
0010: 00 FF FF FF FF 96 BF C8 3E 46 86 D2 C9 E2 C8 85 ........>F......
0020: 87 35 83 F8 5C 7C 6F C7 C0 DA 6B A3 89 D0 14 2A .5..\.o...k....*
0030: A5 41 D3 DB 49 95 C8 D6 00 01 00 00 00 04 04 04 .A..I...........
0040: 04 .

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINEST: KRB5SRV09:Response [after unwrap] ( 4 ): 0000: 01 00 00 00 ....

Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV10:Selected protection: 1; privacy: false; integrity: false
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV11:Client max recv size: 0; server max send size: 0; rawSendSize: -69
Aug 1, 2005 12:58:25 PM com.sun.security.sasl.gsskerb.GssKrb5Server doHandshake2
FINE: KRB5SRV12:Authzid:
Client Authenticated Successfully

• Previous message: Robert Scussel: "Re: sasl ldap log errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]