Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Regenerated keytab with AES128.
- 1. setspn -D HTTP/tomcatserver.global.lpl.top tomcatuser
- 2. setspn -l tomcatuser
- empty
- 3. ktpass /out c:\tomcat3.keytab /mapuser tomcatuser@GLOBAL.LPL.TOP /mapOp set /princ HTTP/tomcatserver.global.lpl.top@GLOBAL.LPL.TOP /pass tomcatuserpassword /ptype KRB5_NT_PRINCIPAL /crypto AES128-SHA1
- 4. jdk1.7.0_79\bin>kinit -k -t C:\tomcat3.keytab HTTP/tomcatserver.global.lpl.top
- Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database
- KrbException: Client not found in Kerberos database (6)
- at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
- at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
- at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
- at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:221)
- at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
- Caused by: KrbException: Identifier doesn't match expected value (906)
- at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143)
- at sun.security.krb5.internal.ASRep.init(ASRep.java:65)
- at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60)
- at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
- ... 4 more
- Addendum
- C:\Windows\krb5.ini:
- [libdefaults]
- default_realm = GLOBAL.LPL.TOP
- default_keytab_name = FILE:C:\tomcat3.keytab
- default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
- default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
- forwardable=true
- [realms]
- GLOBAL.LPL.TOP = {
- kdc = cdc.global.lpl.top:88
- }
- [domain_realm]
- global.lpl.top=GLOBAL.LPL.TOP
- .global.lpl.top=GLOBAL.LPL.TOP
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement