On Wed, Feb 2, 2011 at 11:38 AM, Romain LEGUAY <[email protected]> wrote:
>> If you merged login.conf to server login conf, try to remove loginConf 
>> parameter from jcifsConfig
> I don't have any login conf in my tomcat server folder. Must I put my 
> login.conf inside it?
I didn't check your setup. Yes, you have one merged file. You can
remove loginConf from jcifsConfig. Also remove
       default_keytab_name = N:\KerberosKDC\ADLecteur.keytab
from krb5.conf. You can specify a keytab OR a password, not both (it's
a mistake in the SPNEGO setup). You have a password in jcifsConfig.

>
>> ktab -l   (before and after, I can't connect with any of my user)
> No default key table exists.
Strange :-/. You have to be logged on to ANOTHER machine which is
integrated with the domain, with some domain account. At least KRBTGT has
to be shown. It's maybe some specific 'feature' of Windows, but on
Unix/Linux you HAVE TO see this KRBTGT key. Otherwise you aren't
logged in to the domain. Try 'kinit <someUser>@ENM.JUSTICE.FR'. This should
ask for the domain password of <someUser>, and then check ktab -l again.

> Do I need to define the ldap module too in CAS?
No.

> I have some weird exception when I try to connect to hello_spnego.jsp on a 
> client:
>  org.apache.catalina.core.StandardWrapperValve invoke
> GRAVE: "Servlet.service()" pour la servlet jsp a généré une exception
> KrbException: Specified version of key is not available (44)
>        at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:527)
>        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260)
>        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
>        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
>        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
>        at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:874)
>        at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:541)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
>        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
>        at net.sourceforge.spnego.SpnegoAuthenticator.doSpnegoAuth(SpnegoAuthenticator.java:444)
>        at net.sourceforge.spnego.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:283)
>        at net.sourceforge.spnego.SpnegoHttpFilter.doFilter(SpnegoHttpFilter.java:229)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>        at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:864)
>        at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
>        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1600)
>        at java.lang.Thread.run(Thread.java:662)
>
> On some forums, we can see it's a problem from the keytab generation and more 
> particularly the kvno value but I don't know how to solve this problem.

Try to remove the following lines from krb5.conf:
       default_tkt_enctypes = rc4-hmac
       default_tgs_enctypes = rc4-hmac

Pavel
