Hi Shane, >> Incidentally, is there docs about configuring the client as I always get >> (against a real KDC)
Two ways to configure the client, the first way is what you use, the another way is the same as the MIT Kerberos, using the krb5.conf, putting the krb5.conf under "confDir", then create the client as following: KrbClient krbClient = new KrbClient(confDir); >> org.apache.kerby.kerberos.kerb.KrbException: null with error code: >> KDC_ERR_ETYPE_NOSUPP Please try to reset "permitted_enctypes", the default encryption type is "aes128-cts-hmac-sha1-96" >>Does Kerby cache SGTs? Call the API " void storeTicket(SgtTicket sgtTicket, File ccacheFile)" to cache SGTs. krbClient.storeTicket(sgt, ccFile); Thanks, Jiajia -----Original Message----- From: Shane Clements [mailto:shane.cleme...@gmail.com] Sent: Wednesday, March 7, 2018 5:35 AM To: kerby@directory.apache.org Subject: Caching Hi, I'm wondering if Kerby might be a solution to a problem that I am having. As I understand it, Java 1.7 libraries for working with KDC/Kerberos do not cache service tickets. I was trying a toy program to see if I could cache a service ticket with Kerby library: try { KrbConfig config = new KrbConfig(); config.enableDebug(); KrbClient client = new KrbClient(config); client.setKdcHost("ADHOST"); client.setKdcTcpPort(88); //client.setAllowUdp(false); client.setKdcRealm("Realm"); client.init(); TgtTicket tgt; SgtTicket sgt; tgt = client.requestTgt("user", new File("krb5.keytab")); sgt = client.requestSgt(tgt, "HTTP/test.example.com"); } catch (KrbException e1) { e1.printStackTrace(); } Incidentally, is there docs about configuring the client as I always get (against a real KDC) org.apache.kerby.kerberos.kerb.KrbException: null with error code: KDC_ERR_ETYPE_NOSUPP Which I'm guessing means I need to configure some settings for supported encrption types. Does Kerby cache SGTs? Thanks, Shane