Hi Colm, Thanks for reply. I used the 1.1.1 binary version. I worked around this as you did using:
permitted_enctypes = arcfour-hmac I get a ticket now, but when I send this ticket I always get unauthorized. Wondering how I can base 64 encode the ticket for addition to HTTP headers: Authorization: Negotiate <ticket> I have: sgt.getTicket().encode() But never get quite what I expect. On Mon, Jan 7, 2019 at 5:39 AM Colm O hEigeartaigh <[email protected]> wrote: > > Hi, > > This was a bug that I've fixed here: > https://issues.apache.org/jira/browse/DIRKRB-731 > > Could you grab the latest 2.0.x or 1.1.x source from github and build it > locally and test that it works? > > Colm. > > On Wed, Jan 2, 2019 at 10:05 PM Shane Clements <[email protected]> > wrote: > > > Thought with the release of 1.1.1, I would take another stab at using > > Kerby. I think I am running into a similar problem as: > > https://www.mail-archive.com/[email protected]/msg01195.html > > > > Debugging I see: > > > > public EncryptionKey getKey(PrincipalName principal, EncryptionType > > keyType) { > > > > List<KeytabEntry> entries = getKeytabEntries(principal); > > > > for (KeytabEntry ke : entries) { > > > > if (ke.getKey().getKeyType() == keyType) { > > > > return ke.getKey(); > > > > } > > > > } > > > > iterate a few times looking for "RC4_HMAC" > > > > **My krb5.conf: > > > > [libdefaults] > > default_realm = domain.com > > udp_preference_limit = 1 > > forwardable = true > > noaddresses = true > > default_tgs_enctypes = aes256-cts-hmac-sha1-96 > > aes128-cts-hmac-sha1-96 rc4-hmac > > default_tkt_enctypes = aes256-cts-hmac-sha1-96 > > aes128-cts-hmac-sha1-96 rc4-hmac > > permitted_enctypes = aes256-cts-hmac-sha1-96 > > aes128-cts-hmac-sha1-96 rc4-hmac > > > > **My Code: > > > > KrbClient client = new KrbClient(new File("/path/to/config")); > > client.setKdcHost("host"); > > client.setKdcTcpPort(88); > > client.setAllowUdp(false); > > client.setKdcRealm("realm"); > > client.init(); > > > > TgtTicket tgt; > > SgtTicket sgt; > > > > tgt = client.requestTgt("principle", new File("/path/to/krb5.keytab")); > > sgt = client.requestSgt(tgt, "HTTP/servicename"); > > > > > > **Exception: > > > > org.apache.kerby.kerberos.kerb.KrbException: The request failed Client > > key should be prepared or prompted at this time! > > at > > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:99) > > at > > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestTgt(DefaultInternalKrbClient.java:126) > > at > > org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestTgt(AbstractInternalKrbClient.java:129) > > at > > org.apache.kerby.kerberos.kerb.client.KrbClientBase.requestTgt(KrbClientBase.java:187) > > at > > org.apache.kerby.kerberos.kerb.client.KrbClient.requestTgt(KrbClient.java:87) > > ... > > > > Caused by: java.lang.RuntimeException: Client key should be prepared > > or prompted at this time! > > at > > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.needAsKey(KdcRequest.java:363) > > at > > org.apache.kerby.kerberos.kerb.client.preauth.builtin.EncTsPreauth.tryFirst(EncTsPreauth.java:63) > > at > > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandle.tryFirst(PreauthHandle.java:54) > > at > > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.tryFirst(PreauthHandler.java:144) > > at > > org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.preauth(PreauthHandler.java:92) > > at > > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.preauth(KdcRequest.java:349) > > at > > org.apache.kerby.kerberos.kerb.client.request.KdcRequest.process(KdcRequest.java:332) > > at > > org.apache.kerby.kerberos.kerb.client.request.AsRequest.process(AsRequest.java:75) > > at > > org.apache.kerby.kerberos.kerb.client.KrbHandler.handleRequest(KrbHandler.java:71) > > at > > org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:40) > > at > > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.sendIfPossible(DefaultInternalKrbClient.java:118) > > at > > org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:81) > > > > Thanks, > > > > Shane > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
