JAAS using a keytab fails

Here is my setup:
Running Java 5.
I have two J2EE app servers (a dev instance and a qual instance) on the same hardware.
I have a .jar file on each server instance that use JAAS to authenticate with another server.
The .jar files share a keytab file for the authentication.

After one of the .jar files is used by an application a few times it fails completely on both servers, and the servers have to be restarted to restore order in the universe.

In trying to troubleshoot this I wanted to remove anything shared. So, I made a copy of the keytab file and made the appropriate changes in the login.config file. Since doing that I have not been able to get either to fail.

Can someone explain to what is going on? The keytab should not have had a lock on it and no one else I know can explain it.

I'll try to find the exception and post it.

Thanks,
Tom

Here is the exception. I had to replace some of the info like the app name and the package name but that should have no bearing on the explanation.

####<Aug 3, 2007 9:32:49 AM MDT> <Error> <HTTP> <MACHINE> <mserver1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1186155169478> <BEA-101017> <[weblogic.servlet.internal.WebAppServletContext@62b5ce2 - appName: 'APP.ear', name: '/APP', context-path: '/APP'] Root cause of ServletException.
PACKAGE_NAME.groupd.GrpException: GSSContext is null. Verify the credential cache is valid
at PACKAGE_NAME.groupd.GrpSunKerbInitiator.initContext(Unknown Source)
at PACKAGE_NAME.groupd.GrpClient.init(Unknown Source)
at PACKAGE_NAME.groupd.GrpClient.getGroups(Unknown Source)
at APP.Auth.Groupd.getGroups(Groupd.java:74)
at jsp_servlet.__advanced_search._jspService(__advanced_search.java:297)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:223)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3243)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2003)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1909)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1357)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
>

Thanks again,
Tom
[ August 20, 2007: Message edited by: Tom Cleal ]

OK an update.

Our app server is in a clustered environment but on the same machine. Once I get an exception on one server that server will fail for everyone BUT the person before the error occurred. The other server works fine.

It is almost like it is locking between the application and the library and not letting anyone but that user on.