Thought with the release of 1.1.1, I would take another stab at using
Kerby. I think I am running into a similar problem as:
https://www.mail-archive.com/[email protected]/msg01195.html
Debugging I see:
    public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType) {
        List<KeytabEntry> entries = getKeytabEntries(principal);
        for (KeytabEntry ke : entries) {
            if (ke.getKey().getKeyType() == keyType) {
                return ke.getKey();
            }
        }
iterate a few times looking for "RC4_HMAC"
**My krb5.conf:
    [libdefaults]
        default_realm = domain.com
        udp_preference_limit = 1
        forwardable = true
        noaddresses = true
        default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
        default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
        permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
**My Code:
    KrbClient client = new KrbClient(new File("/path/to/config"));
    client.setKdcHost("host");
    client.setKdcTcpPort(88);
    client.setAllowUdp(false);
    client.setKdcRealm("realm");
    client.init();
    TgtTicket tgt;
    SgtTicket sgt;
    tgt = client.requestTgt("principle", new File("/path/to/krb5.keytab"));
    sgt = client.requestSgt(tgt, "HTTP/servicename");
**Exception:
    org.apache.kerby.kerberos.kerb.KrbException: The request failed Client key should be prepared or prompted at this time!
        at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:99)
        at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestTgt(DefaultInternalKrbClient.java:126)
        at org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestTgt(AbstractInternalKrbClient.java:129)
        at org.apache.kerby.kerberos.kerb.client.KrbClientBase.requestTgt(KrbClientBase.java:187)
        at org.apache.kerby.kerberos.kerb.client.KrbClient.requestTgt(KrbClient.java:87)
        ...
    Caused by: java.lang.RuntimeException: Client key should be prepared or prompted at this time!
        at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.needAsKey(KdcRequest.java:363)
        at org.apache.kerby.kerberos.kerb.client.preauth.builtin.EncTsPreauth.tryFirst(EncTsPreauth.java:63)
        at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandle.tryFirst(PreauthHandle.java:54)
        at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.tryFirst(PreauthHandler.java:144)
        at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.preauth(PreauthHandler.java:92)
        at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.preauth(KdcRequest.java:349)
        at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.process(KdcRequest.java:332)
        at org.apache.kerby.kerberos.kerb.client.request.AsRequest.process(AsRequest.java:75)
        at org.apache.kerby.kerberos.kerb.client.KrbHandler.handleRequest(KrbHandler.java:71)
        at org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:40)
        at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.sendIfPossible(DefaultInternalKrbClient.java:118)
        at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:81)
Thanks,
Shane
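
An added diagnostic, not part of the original post and not Kerby code: a standalone parser for the MIT keytab file format (version 0x0502) that lists which enctypes from a krb5.conf list have no key stored for a principal, the same per-enctype match the getKey loop quoted above performs. The principal user@EXAMPLE.COM, the all-zero key bytes and the helper sample_entry are constructed for illustration.

```python
import struct
# Enctype numbers from the IANA Kerberos registry for the names in the krb5.conf above.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def parse_keytab(data):
    """Return [(principal, kvno, enctype_number)] from a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative length marks a deleted entry
            pos += -size
            continue
        end, p = pos + size, pos + 2      # p starts just past the component count
        def counted():                    # 16-bit length followed by that many bytes
            nonlocal p
            (n,) = struct.unpack_from(">H", data, p)
            p += 2 + n
            return data[p - n:p]
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm = counted().decode()
        name = "/".join([counted().decode() for _ in range(ncomp)])
        # Skip name type (4) and timestamp (4), then read 8-bit kvno and enctype.
        kvno, etype = struct.unpack_from(">BH", data, p + 8)
        p += 11
        counted()                         # key bytes are skipped, never returned
        if end - p >= 4:                  # optional 32-bit kvno extension
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, etype))
        pos = end
    return entries

def missing_enctypes(data, principal, wanted):
    have = {ENCTYPES.get(e, str(e)) for pr, _, e in parse_keytab(data) if pr == principal}
    return [w for w in wanted if w not in have]

def sample_entry(name, realm, etype, key, kvno=1):   # builds constructed test data
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 1) + cs(realm.encode()) + cs(name.encode())
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key)
    return struct.pack(">i", len(body)) + body

# Constructed keytab: hypothetical principal holding AES keys only (all-zero key bytes).
SAMPLE = b"\x05\x02" + sample_entry("user", "EXAMPLE.COM", 18, bytes(32)) \
    + sample_entry("user", "EXAMPLE.COM", 17, bytes(16))
WANTED = ["aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96", "rc4-hmac"]
print(missing_enctypes(SAMPLE, "user@EXAMPLE.COM", WANTED))
```

To check a real file, pass `open(path, "rb").read()` as `data`; only principal names, key version numbers and enctype numbers are returned, never key material.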