Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- As far as I know, kinit uses C:\Windows\krb5.ini by default.
- ---------------------------------------------------------
- C:\Windows\krb5.ini:
- [libdefaults]
- default_realm = GLOBAL.LPL.TOP
- default_keytab_name = FILE:C:\tomcat3.keytab
- #default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
- #default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
- forwardable=true
- [realms]
- GLOBAL.LPL.TOP = {
- kdc = cdc.global.lpl.top:88
- }
- [domain_realm]
- global.lpl.top = GLOBAL.LPL.TOP
- .global.lpl.top = GLOBAL.LPL.TOP
- ---------------------------------------------------------
- HelloKDC.java values:
- final String username = "tomcatuser"; // Domain (pre-authentication) account
- final String password = "tomcatuserpassword";
- final String krbfile = "C:\\HelloKDC\\krb5.conf"; // Name of our krb5 config file
- final String loginfile = "C:\\HelloKDC\\login.conf"; // Name of our login config file
- final String module = "spnego-client"; // Name of our login module
- ---------------------------------------------------------
- C:\HelloKDC\krb5.conf is similar to C:\Windows\krb5.ini
- ---------------------------------------------------------
- C:\HelloKDC\login.conf:
- spnego-client {
- com.sun.security.auth.module.Krb5LoginModule required;
- };
- ---------------------------------------------------------
- HelloKDC output
- C:\HelloKDC>jdk1.7.0_79\bin\java HelloKDC
- Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt tru
- e ticketCache is null isInitiator true KeyTab is C:/tomcat3.keytab refreshKrb5Config is false principal is HTTP/tomcatserver.global.lpl.top@GLOBAL.LPL.TOP tryFirstPass is false useFirstPass is false s
- torePass is false clearPass is false
- [Krb5LoginModule] authentication failed
- Client not found in Kerberos database (6)
- Exception in thread "main" javax.security.auth.login.LoginException: Client notfound in Kerberos database (6)
- Caused by: KrbException: Identifier doesn't match expected value
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement