Hi,
I am trying to implement slient authentication using SPNEGO, My app server is
JBOSS, Java vs 1.6. After I was done with configuraton during testing I get the
following exception:
"Caused by: KrbException: Invalid argument (400) - Cannot find key of
appropriate type to decrypt AP REP - RC4 with HMAC"
To enforce KDC to use DES encryption, so I recreated new user with new property
of "Use DES encryption type" selected, set SPN and recreated keyTab file using
crypto as DES-CBC-CRC.
[cid:657055523@12032009-0211]
I got the same stack trace:
Caused by: KrbException: Invalid argument (400) - Cannot find key of
appropriate type to decrypt AP REP - RC4 with HMAC
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:262)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
This means KDC is encrypting using RC4, even if "Use DES encryption type for
this account" checkbox is checked.
But I an not very sure that this is a KDC issue, because AP REQ and AP RES are
the message exchange between client and server, not between client and KDC.
Can you guide do where should I make the fix, I am stuck.
-Nagendra
**********************************************************************
E-mail sent through the Internet is not secure. Western Asset
therefore recommends that you do not send any confidential or
sensitive information to us via electronic mail, including social
security numbers, account numbers, or personal identification
numbers. Delivery, and or timely delivery of Internet mail is not
guaranteed. Western Asset therefore recommends that you do not send
time sensitive or action-oriented messages to us via electronic
mail.
**********************************************************************
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
