Java Code Examples for sun.security.krb5.internal.KRBError#getPA()

The following examples show how to use sun.security.krb5.internal.KRBError#getPA() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KrbAsReqBuilder.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = null;
    EncryptionKey pakey = null;
    ReferralsState referralsState = new ReferralsState();
    while (true) {
        if (referralsState.refreshComm()) {
            comm = new KdcComm(refCname.getRealmAsString());
        }
        try {
            req = build(pakey, referralsState);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                if (referralsState.handleError(ke)) {
                    pakey = null;
                    preAuthFailedOnce = false;
                    continue;
                }
                throw ke;
            }
        }
    }
}
 
Example 2
Source File: KrbAsReqBuilder.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = null;
    EncryptionKey pakey = null;
    ReferralsState referralsState = new ReferralsState();
    while (true) {
        if (referralsState.refreshComm()) {
            comm = new KdcComm(refCname.getRealmAsString());
        }
        try {
            req = build(pakey, referralsState);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                if (referralsState.handleError(ke)) {
                    pakey = null;
                    preAuthFailedOnce = false;
                    continue;
                }
                throw ke;
            }
        }
    }
}
 
Example 3
Source File: KrbAsReqBuilder.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 4
Source File: KrbAsReqBuilder.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = null;
    EncryptionKey pakey = null;
    ReferralsState referralsState = new ReferralsState();
    while (true) {
        if (referralsState.refreshComm()) {
            comm = new KdcComm(refCname.getRealmAsString());
        }
        try {
            req = build(pakey, referralsState);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                if (referralsState.handleError(ke)) {
                    pakey = null;
                    preAuthFailedOnce = false;
                    continue;
                }
                throw ke;
            }
        }
    }
}
 
Example 5
Source File: KrbAsReqBuilder.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 6
Source File: KrbAsReqBuilder.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 7
Source File: KrbAsReqBuilder.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 8
Source File: KrbAsReqBuilder.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 9
Source File: KrbAsReqBuilder.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 10
Source File: KrbAsReqBuilder.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 11
Source File: KrbAsReqBuilder.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = null;
    EncryptionKey pakey = null;
    ReferralsState referralsState = new ReferralsState();
    while (true) {
        if (referralsState.refreshComm()) {
            comm = new KdcComm(refCname.getRealmAsString());
        }
        try {
            req = build(pakey, referralsState);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                if (referralsState.handleError(ke)) {
                    pakey = null;
                    preAuthFailedOnce = false;
                    continue;
                }
                throw ke;
            }
        }
    }
}
 
Example 12
Source File: KrbAsReqBuilder.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}
 
Example 13
Source File: KrbAsReqBuilder.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Communication until AS-REP or non preauth-related KRB-ERROR received
 * @throws KrbException
 * @throws IOException
 */
private KrbAsReqBuilder send() throws KrbException, IOException {
    boolean preAuthFailedOnce = false;
    KdcComm comm = new KdcComm(cname.getRealmAsString());
    EncryptionKey pakey = null;
    while (true) {
        try {
            req = build(pakey);
            rep = new KrbAsRep(comm.send(req.encoding()));
            return this;
        } catch (KrbException ke) {
            if (!preAuthFailedOnce && (
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
                    ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: " +
                            "PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                preAuthFailedOnce = true;
                KRBError kerr = ke.getError();
                int paEType = PAData.getPreferredEType(kerr.getPA(),
                        EType.getDefaults("default_tkt_enctypes")[0]);
                if (password == null) {
                    EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
                    pakey = EncryptionKey.findKey(paEType, ks);
                    if (pakey != null) pakey = (EncryptionKey)pakey.clone();
                    for (EncryptionKey k: ks) k.destroy();
                } else {
                    pakey = EncryptionKey.acquireSecretKey(cname,
                            password,
                            paEType,
                            PAData.getSaltAndParams(
                                paEType, kerr.getPA()));
                }
                paList = kerr.getPA();  // Update current paList
            } else {
                throw ke;
            }
        }
    }
}