Git clone failed with Krb5LoginModule error - JNA Library
Shikari0744 opened this issue · comments
Version
5.13
Operating System
Windows
Bug description
I am performing https git clone operation on Azure repository and the request is failing with kerberos auth failure. I am not sure if I am using kerberos internally in my application but this happens only with Azure repository clone action. I tried setting up using "PAT" also but that also didn't help (Attached stacktrace as well)
Error -
sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
org.eclipse.jgit.transport.HttpAuthMethod$Negotiate.configureRequest(HttpAuthMethod.java:541)
org.eclipse.jgit.transport.TransportHttp.httpOpen(TransportHttp.java:561)
org.eclipse.jgit.transport.TransportHttp.httpOpen(TransportHttp.java:523)
org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:462)
org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:296)
org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
org.eclipse.jgit.transport.Transport.fetch(Transport.java:1138)
org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130)
com.xx.git.commands.CloneCommand.fetch(CloneCommand.java:222)
com.xx.git.commands.CloneCommand.call(CloneCommand.java:146)
com.xx.git.GitScmService.clone(GitScmService.java:152)
com.xx.git.GitScmService$$FastClassBySpringCGLIB$$e66ae5b2.invoke()
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
com.xx.actions.AutoActionTaskAspect.injectScmChangeInfoBuilderAdvice(AutoActionTaskAspect.java:139)
sun.reflect.GeneratedMethodAccessor397.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
com.xx.git.GitScmService$$EnhancerBySpringCGLIB$$f03c65a8.clone()
com.xx.git.GitConnectionService.cloneRemoteRepository(GitConnectionService.java:336)
com.xx.git.GitConnectionService.cloneAction(GitConnectionService.java:426)
com.xx.git.GitConnectionService.access$200(GitConnectionService.java:84)
com.xx.git.GitConnectionService$1.construct(GitConnectionService.java:224)
com.xx.git.GitConnectionService$1.construct(GitConnectionService.java:211)
com.xx.git.GitConnectionService$2.construct(GitConnectionService.java:234)
com.xx.git.GitConnectionService$2.construct(GitConnectionService.java:231)
com.iconclude.dharma.app.dialogue.TaskProgressDialog$1.doInBackground(TaskProgressDialog.java:373)
javax.swing.SwingWorker$1.call(SwingWorker.java:295)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
javax.swing.SwingWorker.run(SwingWorker.java:334)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:750)
Error -
com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:925)
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:618)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
javax.security.auth.login.LoginContext.login(LoginContext.java:587)
sun.security.jgss.GSSUtil.login(GSSUtil.java:258)
sun.security.jgss.krb5.Krb5Util.getInitialTicket(Krb5Util.java:175)
sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:377)
sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:373)
java.security.AccessController.doPrivileged(Native Method)
sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:372)
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:160)
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:189)
sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
org.eclipse.jgit.transport.HttpAuthMethod$Negotiate.configureRequest(HttpAuthMethod.java:541)
org.eclipse.jgit.transport.TransportHttp.httpOpen(TransportHttp.java:561)
org.eclipse.jgit.transport.TransportHttp.httpOpen(TransportHttp.java:523)
org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:462)
org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:296)
org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
org.eclipse.jgit.transport.Transport.fetch(Transport.java:1138)
org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130)
com.xx.git.commands.CloneCommand.fetch(CloneCommand.java:222)
com.xx.git.commands.CloneCommand.call(CloneCommand.java:146)
com.xx.git.GitScmService.clone(GitScmService.java:152)
com.xx.git.GitScmService$$FastClassBySpringCGLIB$$e66ae5b2.invoke()
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
com.xx.actions.AutoActionTaskAspect.injectScmChangeInfoBuilderAdvice(AutoActionTaskAspect.java:139)
sun.reflect.GeneratedMethodAccessor242.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
com.xx.git.GitScmService$$EnhancerBySpringCGLIB$$603f33c2.clone()
com.xx.git.GitConnectionService.cloneRemoteRepository(GitConnectionService.java:336)
com.xx.git.GitConnectionService.cloneAction(GitConnectionService.java:426)
com.xx.git.GitConnectionService.access$200(GitConnectionService.java:84)
com.xx.git.GitConnectionService$1.construct(GitConnectionService.java:224)
com.xx.git.GitConnectionService$1.construct(GitConnectionService.java:211)
com.xx.git.GitConnectionService$2.construct(GitConnectionService.java:234)
com.xx.git.GitConnectionService$2.construct(GitConnectionService.java:231)
com.iconclude.dharma.app.dialogue.TaskProgressDialog$1.doInBackground(TaskProgressDialog.java:373)
javax.swing.SwingWorker$1.call(SwingWorker.java:295)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
javax.swing.SwingWorker.run(SwingWorker.java:334)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:750)
Followed some remedies :-
Try this steps : - https://groups.google.com/g/gatling/c/4L_OofnOQy0?pli=1
Control Panel > Credential Manager Check if creds stored in generic password is accurate or not for azure network address.
add the IP address of the server in its host file. You must also recycle the application server to load the new host file.
Run "Klist" command that comes with java Check for server by name kerberos (like Server: krbtgt...)
https://support.tibco.com/s/article/Spotfire-Server-KERBEROS-ERROR-No-valid-credentials-provided-Mechanism-level-No-valid-credentials-provided-Mechanism-level-Connection-timed-out-connect
Versions :- I am using jdk 8 version. Our dekstop application uses Git 2.39.2.windows.1 version to perform clone. org.eclipse.jgit.ssh.jsch-5.13.1.202206130422-r.jar
org.eclipse.jgit.ui-5.13.1.202206130422-r.jar
org.eclipse.jgit-5.13.1.202206130422-r.jar
Actual behavior
Authentication should passed as expected. I tested seperately using git cli (same version) and it works fine.
Expected behavior
Issue should get resolved
Relevant log output
No response
Other information
No response
These line numbers do not correspond to JGit 5.13 at all. The given stack traces cannot come from JGit 5.13.1.202206130422.
I have to go back to commit 4a984e2 to find a source version of TransportHttp that matches these line numbers. That's nine years old and would correspond to about version 4.0.0. There have been many changes to TransportHttp since then, and one fix in particular handled skipping unsupported authentication mechanisms.
The Azure server is advertising "Negotiate", but apparently Kerberos isn't set up in your environment. Versions before commit ac3d3af (8 years old, version 4.5.0) would then fail; since then, they'll re-try with other advertised authentication methods.