Advertisement
ILyaCyclone

Untitled

Aug 8th, 2017
610
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.71 KB | None | 0 0
  1. Regenerated keytab with AES128.
  2. 1. setspn -D HTTP/tomcatserver.global.lpl.top tomcatuser
  3. 2. setspn -l tomcatuser
  4. empty
  5. 3. ktpass /out c:\tomcat3.keytab /mapuser tomcatuser@GLOBAL.LPL.TOP /mapOp set /princ HTTP/tomcatserver.global.lpl.top@GLOBAL.LPL.TOP /pass tomcatuserpassword /ptype KRB5_NT_PRINCIPAL /crypto AES128-SHA1
  6.  
  7. 4. jdk1.7.0_79\bin>kinit -k -t C:\tomcat3.keytab HTTP/tomcatserver.global.lpl.top
  8. Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database
  9. KrbException: Client not found in Kerberos database (6)
  10. at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
  11. at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
  12. at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
  13. at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:221)
  14. at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
  15. Caused by: KrbException: Identifier doesn't match expected value (906)
  16. at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143)
  17. at sun.security.krb5.internal.ASRep.init(ASRep.java:65)
  18. at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60)
  19. at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
  20. ... 4 more
  21.  
  22. Addendum
  23. C:\Windows\krb5.ini:
  24. [libdefaults]
  25. default_realm = GLOBAL.LPL.TOP
  26. default_keytab_name = FILE:C:\tomcat3.keytab
  27. default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
  28. default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
  29. forwardable=true
  30.  
  31. [realms]
  32. GLOBAL.LPL.TOP = {
  33. kdc = cdc.global.lpl.top:88
  34. }
  35.  
  36. [domain_realm]
  37. global.lpl.top=GLOBAL.LPL.TOP
  38. .global.lpl.top=GLOBAL.LPL.TOP
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement