Encounter KRB_AP_ERR_MODIFIED Kerberos issue using IE8

Nov 22, 2011 at 4:31 PM

I have a web application using WAFFLE to authenticate our application running on Tomcat 7. Here is the problem I encountered:

1. using firefox to access http://server_name:8080/web_app, after providing credentials, I can access application without problem

2. using IE8 to access http://server_ip_address:8080/web_app, after providing credentials, I can access application without problem

3. using IE8 to access http://server_name:8080/web_app, I got error:

    WARN {?:?} - error logging in user: The token supplied to the function is invalid

In client side event logging, there is error:

Event Type:     Error

Event Source:   Kerberos

Event Category: None

Event ID:       4

Date:           2011/11/21

Time:           4:13:25 PM

User:           N/A

Computer:       MY-COMPUTER

Description:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server USER_ID.  This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (MYCOMPANY.COM), and the client realm.   Please contact your system administrator.

The USER_ID is the user ID we use to run the webserver, but not the server's name. That account is in use on other servers.

Does anyone know what could cause the problem and how to fix it?

 

Thanks in advance