I have a keytab with one principal in it:

Code:
ktutil:  rkt http-web.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM

This keytab was generated on the win 2k8 domain controller with this command:

Code:
ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM /pass *

which was copied over to the test web server, used in spnego.xml:

Code:
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
    <property name="servicePrincipal" value="HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM" />
    <property name="keyTabLocation" value="/WEB-INF/http-web.keytab" />
    <property name="debug" value="true" />
</bean>

but fails to find the principal:

Code:
Key for the principal HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM not available in jndi:/localhost/spring-security-kerberos-sample-1.0.0.CI-SNAPSHOT/WEB-INF/http-web.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

I have tried joining the web server (Centos 5.5, tomcat6) to the AD WAD.ENG.HYTRUST.COM and can log in using AD credentials, and then using a principal from /etc/krb5.keytab just to see if it can be read... same response. I also tried lots of variants on uppercasing and lowercasing the names.
PS: checked it out from git this morning.
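
One way to confirm that the keytab file actually deployed with the web application still holds the expected principal and KVNO, independent of ktutil and the JVM. This is an added example, not part of the original post or of the Spring Security Kerberos code; it reads keytab format version 0x0502, and `list_keytab`, `build_sample` and the sample bytes (enctype 23, all-zero key) are constructed for illustration.

```python
import struct

def _counted(data, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def list_keytab(data):
    """Return [(principal, kvno, enctype)] for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab (wrong or damaged file)")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _counted(data, p)
            parts.append(part)
        _ntype, _ts, kvno, enctype, klen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + klen                    # skip header fields and key bytes
        if end - p >= 4:                  # optional 32-bit kvno, used if nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm, kvno, enctype))
        pos = end
    return entries

def build_sample(principal, realm, kvno, enctype, key):
    """Build a one-entry keytab (constructed test data, dummy key)."""
    def counted(b):
        return struct.pack(">H", len(b)) + b
    parts = principal.encode().split(b"/")
    entry = struct.pack(">H", len(parts)) + counted(realm.encode())
    entry += b"".join(counted(c) for c in parts)
    entry += struct.pack(">IIBH", 1, 0, kvno, enctype) + counted(key)
    return b"\x05\x02" + struct.pack(">i", len(entry)) + entry

# Constructed sample mirroring the listing above: one entry, KVNO 3.
SAMPLE = build_sample("HTTP/aulfeldt.hta.nightly", "WAD.ENG.HYTRUST.COM",
                      3, 23, bytes(16))

if __name__ == "__main__":
    for name, kvno, enctype in list_keytab(SAMPLE):
        print(kvno, enctype, name)
```

To check a real file, pass its bytes (`open(path, "rb").read()`) to `list_keytab` and compare the result with the `servicePrincipal` value in the bean definition.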


