Hi, Leo,
This looks like an MIT Kerberos configuration issue. The MIT KDC is
responding that it is not configured to use encryption type 3
(DES-CBC-MD5). The client is simply reporting the error returned by
the KDC. I recommend reviewing the MIT Kerberos server documentation.
Alternatively, you can use the "long form" of the ApacheDS Kerberos
client component to try to use an enc type that is supported by
default by the MIT Kerberos KDC.
Enrique
On 10/23/07, Leo Li <[EMAIL PROTECTED]> wrote:
> Hi, all
>
> I am trying to connect to KDC to get a TGT by:
> String hostname = "wks107904wss.cn.ibm.com";
> int port = 88;
> KdcConnection con = new KdcConnection( hostname + ":" + port );
> KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal, password );
>
> But it fails with this stack trace:
> Exception in thread "main" org.apache.directory.client.kerberos.KdcConnectionException: BAD_ENCRYPTION_TYPE
>     at org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
>     at org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
>     at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
>     at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
>     at org.apache.directory.client.kerberos.Main.go(Main.java:62)
>     at org.apache.directory.client.kerberos.Main.main(Main.java:55)
>
>
> And on the KDC side, the server has this log:
> Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
> AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:[EMAIL PROTECTED]
> for krbtgt/[EMAIL PROTECTED], KDC has no support for encryption
> type
>
> The KDC is provided by Red Hat Enterprise 5 with the default setup configuration.
>
> And if I try the same program on the machine where the KDC resides and
> run it with "localhost" as the host parameter, it gets a null TGT, and
> in the KDC log there seem to be no further entries, as if no Kerberos
> request had been sent to the KDC.
>
> Can somebody help?
>
> Thanks,
>
> --
> Leo Li
> China Software Development Lab, IBM
>
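
Added example, not part of the original thread and not ApacheDS or MIT Kerberos code: a small parser for krb5kdc request lines like the one quoted above, which maps the numeric etype list to names and reports clients that offered only deprecated encryption types (etype 3 is DES-CBC-MD5; DES was deprecated by RFC 6649). It assumes the numeric `etypes{...}` form shown in the quoted log; the sample lines, hosts, addresses and principals are constructed placeholders.

```python
import re

# Kerberos etype numbers (IANA registry), limited to the common ones.
ETYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac", 24: "rc4-hmac-exp",
}
# Deprecated by RFC 6649 (DES, RC4 export) and RFC 8429 (3DES, RC4).
DEPRECATED = {1, 2, 3, 16, 23, 24}

# Request part of a krb5kdc line with a numeric etype list; spacing varies.
REQ = re.compile(
    r"(?P<kind>AS_REQ|TGS_REQ)\s*\(\d+\s+etypes\s*\{(?P<etypes>[\d\s,]*)\}\)\s*"
    r"(?P<addr>\S+?):\s*(?P<status>[A-Z_]+):"
)

def parse_kdc_line(line):
    """Return the request fields of one KDC log line, or None if no match."""
    m = REQ.search(line)
    if m is None:
        return None
    offered = [int(n) for n in re.findall(r"\d+", m.group("etypes"))]
    return {
        "kind": m.group("kind"),
        "client": m.group("addr"),
        "status": m.group("status"),
        "offered": [ETYPES.get(n, "etype-%d" % n) for n in offered],
        # True when every etype the client offered is deprecated.
        "deprecated_only": bool(offered) and set(offered) <= DEPRECATED,
    }

def weak_only_clients(lines):
    """Client addresses whose requests offered only deprecated etypes."""
    hits = (parse_kdc_line(ln) for ln in lines)
    return sorted({h["client"] for h in hits if h and h["deprecated_only"]})

# Constructed sample lines (hosts, addresses and principals are placeholders).
SAMPLE = [
    "Oct 23 16:12:28 kdc.example.test krb5kdc[2304](info): AS_REQ(1 etypes{3}) "
    "192.0.2.61:BAD_ENCRYPTION_TYPE: alice@EXAMPLE.TEST for "
    "krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, KDC has no support for encryption type",
    "Oct 23 16:14:02 kdc.example.test krb5kdc[2304](info): AS_REQ (4 etypes "
    "{18 17 16 23}) 192.0.2.62: ISSUE: authtime 1193127242, etypes {rep=18 "
    "tkt=18 ses=18}, bob@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST",
]

if __name__ == "__main__":
    for entry in map(parse_kdc_line, SAMPLE):
        print(entry)
    print(weak_only_clients(SAMPLE))
```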