Hi, This was a bug that I've fixed here: https://issues.apache.org/jira/browse/DIRKRB-731
Could you grab the latest 2.0.x or 1.1.x source from github and build it locally and test that it works? Colm. On Wed, Jan 2, 2019 at 10:05 PM Shane Clements <[email protected]> wrote: > Thought with the release of 1.1.1, I would take another stab at using > Kerby. I think I am running into a similar problem as: > https://www.mail-archive.com/[email protected]/msg01195.html > > Debugging I see: > > public EncryptionKey getKey(PrincipalName principal, EncryptionType > keyType) { > > List<KeytabEntry> entries = getKeytabEntries(principal); > > for (KeytabEntry ke : entries) { > > if (ke.getKey().getKeyType() == keyType) { > > return ke.getKey(); > > } > > } > > iterate a few times looking for "RC4_HMAC" > > **My krb5.conf: > > [libdefaults] > default_realm = domain.com > udp_preference_limit = 1 > forwardable = true > noaddresses = true > default_tgs_enctypes = aes256-cts-hmac-sha1-96 > aes128-cts-hmac-sha1-96 rc4-hmac > default_tkt_enctypes = aes256-cts-hmac-sha1-96 > aes128-cts-hmac-sha1-96 rc4-hmac > permitted_enctypes = aes256-cts-hmac-sha1-96 > aes128-cts-hmac-sha1-96 rc4-hmac > > **My Code: > > KrbClient client = new KrbClient(new File("/path/to/config")); > client.setKdcHost("host"); > client.setKdcTcpPort(88); > client.setAllowUdp(false); > client.setKdcRealm("realm"); > client.init(); > > TgtTicket tgt; > SgtTicket sgt; > > tgt = client.requestTgt("principle", new File("/path/to/krb5.keytab")); > sgt = client.requestSgt(tgt, "HTTP/servicename"); > > > **Exception: > > org.apache.kerby.kerberos.kerb.KrbException: The request failed Client > key should be prepared or prompted at this time! > at > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:99) > at > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestTgt(DefaultInternalKrbClient.java:126) > at > org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestTgt(AbstractInternalKrbClient.java:129) > at > org.apache.kerby.kerberos.kerb.client.KrbClientBase.requestTgt(KrbClientBase.java:187) > at > org.apache.kerby.kerberos.kerb.client.KrbClient.requestTgt(KrbClient.java:87) > ... > > Caused by: java.lang.RuntimeException: Client key should be prepared > or prompted at this time! > at > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.needAsKey(KdcRequest.java:363) > at > org.apache.kerby.kerberos.kerb.client.preauth.builtin.EncTsPreauth.tryFirst(EncTsPreauth.java:63) > at > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandle.tryFirst(PreauthHandle.java:54) > at > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.tryFirst(PreauthHandler.java:144) > at > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.preauth(PreauthHandler.java:92) > at > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.preauth(KdcRequest.java:349) > at > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.process(KdcRequest.java:332) > at > org.apache.kerby.kerberos.kerb.client.request.AsRequest.process(AsRequest.java:75) > at > org.apache.kerby.kerberos.kerb.client.KrbHandler.handleRequest(KrbHandler.java:71) > at > org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:40) > at > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.sendIfPossible(DefaultInternalKrbClient.java:118) > at > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:81) > > Thanks, > > Shane > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
