stackoom
  简体   繁体   中英

Java Kerberos Preauthentication Error

 原文  2012-10-10 15:02:41       java/ kerberos/ pre-authentication

Question

We have two different applications in our network, both use Kerberos to authenticate users. One of them makes problems when the max. ticket lifetime has expired.

Successful request with application x: 

AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_REQUIRED
AS-REQ => 
    <= AS-REP

Unsuccessful request with application y: 

AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_REQUIRED
AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_FAILED

The only difference we can see in network captures is that app x uses NT-PRINCIPAL, while app y uses NT-ENTERPRISE. App y runs on Java 1.6, so the preauth bug from earlier versions shouldn't occur.

Any ideas are highly appreciated.

1 answers

solution1
 0 ACCPTED  2012-11-13 14:03:45

I think that the solution to this issue was to re-generate our keytabs with the "/crypto All" option, but I'm not 100% sure. At least we had no more complaints after that.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java and Kerberos Kerberos with Java Error: Java GSS-API with SPNEGO: Server not found in Kerberos database (7) Kerberos Java problems with kdc and/or Message stream modified (41) error Postdatable Kerberos tickets in Java Java app secured by KERBEROS Smart Cards in Java Kerberos Implement Kerberos authentication in java Kafka Java Producer with kerberos Kerberos Java Credentials Cache
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM