Hi,
I am using Spring Kerberos Extension M2 and ran into a problem. My configuration is really similar to the sample application. I will post the relevant parts of my configuration below. I will obscure my real host and domain a bit, let's say they are MYHOST and MY.DOMAIN.
I verified like 10 times that the serviceprincipalname HTTP/MYHOST is correctly set. I generated the keytab file like this:
ktpass /out MYHOST.keytab /princ HTTP/MYHOST@MY.DOMAIN /ptype KRB5_NT_PRINCIPAL /kvno 0.
I also tried with crypto /All, same result. I also tried like 20 crypto-types in my krb5.conf, still no change.
The tomcat seems to start ok, see part of the output:
But when I navigate to my application (from another machine of course), I get the error:
Code:
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 23 23 17 16 3 1 17.
Commit Succeeded
Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
Any idea?
Code:
<beans:bean id="kerberosServiceAuthenticationProvider"
            class="at.verbund.datenschutzdb.security.CustomKerberosAuthenticationProvider">
    <beans:property name="ticketValidator">
        <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
            <beans:property name="servicePrincipal" value="HTTP/MYHOST" />
            <beans:property name="keyTabLocation" value="/config/MYHOST.keytab" />
            <beans:property name="debug" value="true" />
        </beans:bean>
    </beans:property>
    <beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>

<beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
    <beans:property name="debug" value="true" />
    <beans:property name="krbConfLocation" value="C:/data/kerb/krb5.conf" />
</beans:bean>


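Added example, not part of the original post: the exception above names RC4 with HMAC (etype 23), so one check is whether the keytab holds a key of that type for the service principal. The Python code below lists principal, kvno and etype for each keytab entry, assuming the file uses the MIT keytab format version 0x0502; the function names and the sample keytab are constructed for illustration and say nothing about the poster's actual file.

```python
import struct

def _entry(buf):
    """Decode one keytab entry into (principal, kvno, etype)."""
    off = 0
    def take(fmt):
        nonlocal off
        vals = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return vals
    def counted():                           # 16-bit length followed by the bytes
        nonlocal off
        (n,) = take(">H")
        off += n
        return buf[off - n:off].decode()
    (ncomp,) = take(">H")
    realm = counted()
    name = "/".join(counted() for _ in range(ncomp))
    _ntype, _ts, kvno, etype, klen = take(">IIBHH")
    off += klen                              # skip the key bytes, never print them
    if len(buf) - off >= 4:                  # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I")[0] or kvno
    return f"{name}@{realm}", kvno, etype

def parse_keytab(data):
    """List (principal, kvno, etype) for every entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)                     # negative size marks a deleted entry
    return out

def has_key(entries, principal, etype):
    """True if a key of this etype exists for the principal (23 = rc4-hmac)."""
    return any(p == principal and e == etype for p, _, e in entries)

# Constructed sample (assumption): one entry for HTTP/MYHOST@MY.DOMAIN, kvno 0,
# etype 3 (des-cbc-md5) by default, with an all-zero placeholder key.
def sample_keytab(etype=3, key=b"\x00" * 8):
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"MY.DOMAIN") + s(b"HTTP") + s(b"MYHOST")
            + struct.pack(">IIBH", 1, 0, 0, etype) + s(key))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

On a real file, pass the bytes read from the keytab to `parse_keytab` and compare the listed etypes with the one named in the exception.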