[英]Error: Java GSS-API with SPNEGO: Server not found in Kerberos database (7)
我正在嘗試讓本教程發揮作用: https : //docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part5.html
我在 VM 上運行 Kerberos KDC 並使用本指南進行設置: http : //techpubs.spinlocksolutions.com/dklar/kerberos.html
我已經設置了兩個princripals:jessica@REALM.COM 和host/jessica-ThinkPad-X220@REALM.COM,第二個的密鑰保存在我從VM 復制到我的測試機器的keytab 中。
我可以 ping KDC 並使用kinit
獲取票證。
我編譯了所有代碼示例( Jaas.java
GssSpNegoServer.java
和GssSpNegoClient.java
)而沒有對教程進行更改。
這是我的jaas-krb5.conf
:
client {
com.sun.security.auth.module.Krb5LoginModule required
principal="jessica";
};
server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=krb5.keytab
principal="host/jessica-ThinkPad-X220";
};
我正在使用java -Djava.security.auth.login.config=jaas-krb5.conf GssSpNegoServer
啟動服務器
然后,在另一個窗口中,我使用java -Djava.security.auth.login.config=jaas-krb5.conf GssSpNegoClient host hostname
啟動客戶端,這給了我以下錯誤:
$ java -Djava.security.auth.login.config=jaas-krb5.conf GssSpNegoClient host jessica-ThinkPad-X220
Kerberos-Password for jessica:
Authenticated principal: [jessica@REALM.COM]
Connected to address jessica-ThinkPad-X220/192.168.178.78
Exception in thread "main" java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER))
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at Jaas.loginAndAction(Jaas.java:53)
at GssSpNegoClient.main(GssSpNegoClient.java:56)
Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER))
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at GssSpNegoClient$GssClientAction.run(GssSpNegoClient.java:129)
... 4 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
... 7 more
Caused by: KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:270)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:302)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:120)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
... 11 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 17 more
我不知道我做錯了什么,有人可以幫忙嗎?
首先檢查它在 Kerberos 日志中尋找的服務器(對我來說位於/var/log/auth.log
)。 你會在那里看到相應的登錄信息:
krb5kdc[5157]: TGS_REQ (3 etypes {18 17 16}) x.x.x.x: LOOKING_UP_SERVER: authtime 0, ex/admin@EXAMPLE for ex2/y.y.y.y@EXAMPLE, Server not found in Kerberos database
確保將yyyy
更改為相應系統的主機名,並將主機名添加到主機中(即/etc/hosts
)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.