> Hi Vincent,
Hi Marc-Antoine,
> Have you set the 'use DES encryption' checkbox on the user account option
> (you'll have to reset its password after)?
yes
> I have discovered some configuration hints regarding the current tutorial.
> 1)much of the krb5.conf stuff is optional (ie to use kinit tool).
> Have you manage to use your keytab to get some tickets?
yes
> try kinit -k -t your.keytab HTTP/[EMAIL PROTECTED]
> 2) depending on your cas environment, the sun kerberos login module would
> not be able to find/use the keytab in the current configuration.
> Add the following option to login.conf :
> useKeyTab=true, keyTab=your.keytab
> (the file your.keytab must be in the home directory of the user that
> launch
> the cas JVM).
>
I use this configuration, the keytab is not needed.
<property name="jcifsServicePrincipal" value="HTTP/[EMAIL PROTECTED]" />
<property name="jcifsServicePassword" value="password" />
But I have an encryption problem.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbAsReq etypes are: 3 1
>>> KrbKdcReq send: kdc=ad-hr-1 UDP:88, timeout=30000, number of retries
=3, #bytes=222
>>> KDCCommunication: kdc=ad-hr-1 UDP:88, timeout=30000,Attempt =1,
#bytes=222
>>> KrbKdcReq send: #bytes read=1258
>>> KrbKdcReq send: #bytes read=1258
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/xnet_7
Found key for HTTP/[EMAIL PROTECTED]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism
level: KDC has no support for encryption type (14))
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
