Hallo, I'm trying to authenticate users from within a Java application against an Active Directory. Therefore I use JAAS from Sun and the contained Kerberos5-LoginModule. For some of the users this works fine, others are rejected with the following error: <stacktrace> javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un known Source) at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access</body>0(Unknown Source) at javax.security.auth.login.LoginContext.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at com.aidossoftware.security.auth.orion.UserManager$UserWrapper.authent icate(UserManager.java:232) at com.evermind._ax._ltc(.:417) at com.evermind._ax._uab(.:191) at com.evermind._bf.run(.:62) Caused by: KrbException: Pre-authentication information was invalid (24) at sun.security.krb5.KrbAsRep.<init>(Unknown Source) at sun.security.krb5.KrbAsReq.getReply(Unknown Source) at sun.security.krb5.Credentials.acquireTGT(Unknown Source) ... 16 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.af.a(Unknown Source) at sun.security.krb5.internal.at.a(Unknown Source) at sun.security.krb5.internal.at.<init>(Unknown Source) ... 19 more javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un known Source) at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access</body>0(Unknown Source) at javax.security.auth.login.LoginContext.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at com.aidossoftware.security.auth.orion.UserManager$UserWrapper.authent icate(UserManager.java:232) at com.evermind.server.http.EvermindHttpServletRequest._wwd(.:3298) at com.evermind._ay._mae(.:5385) at com.evermind._ay._nlc(.:2164) at com.evermind._ay._kfe(.:4133) at com.evermind._eu._nlc(.:294) at com.evermind._ay.getRequestDispatcher(.:921) at com.evermind.server.http.EvermindHttpServletResponse.sendRedirect(.:1 347) at com.evermind._ax._ltc(.:468) at com.evermind._ax._uab(.:191) at com.evermind._bf.run(.:62) Caused by: KrbException: Pre-authentication information was invalid (24) at sun.security.krb5.KrbAsRep.<init>(Unknown Source) at sun.security.krb5.KrbAsReq.getReply(Unknown Source) at sun.security.krb5.Credentials.acquireTGT(Unknown Source) ... 23 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.af.a(Unknown Source) at sun.security.krb5.internal.at.a(Unknown Source) at sun.security.krb5.internal.at.<init>(Unknown Source) ... 26 more </stacktrace> I can not find any significant or systematic differences between the users that are authenticated and the ones that can not be authenticated. Can anybody explain this effect to me and give hints what I have to fix? A post in a java group did not bring answers... Thanks, Jens