At a guess you probably want to use GSS instead to get the ticket, for example:

https://github.com/apache/directory-kerby/blob/73356def19ff9835fb343d6755765813dd4872e5/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java

On Wed, Jan 9, 2019 at 4:02 PM Shane Clements <[email protected]> wrote:

> Hi Colm,
>
> Thanks for the reply. I used the 1.1.1 binary version. I worked around
> this as you did using:
>
> permitted_enctypes = arcfour-hmac
>
> I get a ticket now, but when I send this ticket I always get unauthorized.
>
> Wondering how I can base 64 encode the ticket for addition to HTTP headers:
>
> Authorization: Negotiate <ticket>
>
> I have:
>
> sgt.getTicket().encode()
>
> But never get quite what I expect.
>
> On Mon, Jan 7, 2019 at 5:39 AM Colm O hEigeartaigh <[email protected]>
> wrote:
> >
> > Hi,
> >
> > This was a bug that I've fixed here:
> > https://issues.apache.org/jira/browse/DIRKRB-731
> >
> > Could you grab the latest 2.0.x or 1.1.x source from github and build it
> > locally and test that it works?
> >
> > Colm.
> >
> > On Wed, Jan 2, 2019 at 10:05 PM Shane Clements <[email protected]>
> > wrote:
> >
> > > Thought with the release of 1.1.1, I would take another stab at using
> > > Kerby. I think I am running into a similar problem as:
> > > https://www.mail-archive.com/[email protected]/msg01195.html
> > >
> > > Debugging I see:
> > >
> > > public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType) {
> > >     List<KeytabEntry> entries = getKeytabEntries(principal);
> > >     for (KeytabEntry ke : entries) {
> > >         if (ke.getKey().getKeyType() == keyType) {
> > >             return ke.getKey();
> > >         }
> > >     }
> > >
> > > iterate a few times looking for "RC4_HMAC"
> > >
> > > **My krb5.conf:
> > >
> > > [libdefaults]
> > > default_realm = domain.com
> > > udp_preference_limit = 1
> > > forwardable = true
> > > noaddresses = true
> > > default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
> > > default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
> > > permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
> > >
> > > **My Code:
> > >
> > > KrbClient client = new KrbClient(new File("/path/to/config"));
> > > client.setKdcHost("host");
> > > client.setKdcTcpPort(88);
> > > client.setAllowUdp(false);
> > > client.setKdcRealm("realm");
> > > client.init();
> > >
> > > TgtTicket tgt;
> > > SgtTicket sgt;
> > >
> > > tgt = client.requestTgt("principle", new File("/path/to/krb5.keytab"));
> > > sgt = client.requestSgt(tgt, "HTTP/servicename");
> > >
> > > **Exception:
> > >
> > > org.apache.kerby.kerberos.kerb.KrbException: The request failed Client key should be prepared or prompted at this time!
> > >     at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:99)
> > >     at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestTgt(DefaultInternalKrbClient.java:126)
> > >     at org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestTgt(AbstractInternalKrbClient.java:129)
> > >     at org.apache.kerby.kerberos.kerb.client.KrbClientBase.requestTgt(KrbClientBase.java:187)
> > >     at org.apache.kerby.kerberos.kerb.client.KrbClient.requestTgt(KrbClient.java:87)
> > >     ...
> > >
> > > Caused by: java.lang.RuntimeException: Client key should be prepared or prompted at this time!
> > >     at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.needAsKey(KdcRequest.java:363)
> > >     at org.apache.kerby.kerberos.kerb.client.preauth.builtin.EncTsPreauth.tryFirst(EncTsPreauth.java:63)
> > >     at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandle.tryFirst(PreauthHandle.java:54)
> > >     at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.tryFirst(PreauthHandler.java:144)
> > >     at org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler.preauth(PreauthHandler.java:92)
> > >     at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.preauth(KdcRequest.java:349)
> > >     at org.apache.kerby.kerberos.kerb.client.request.KdcRequest.process(KdcRequest.java:332)
> > >     at org.apache.kerby.kerberos.kerb.client.request.AsRequest.process(AsRequest.java:75)
> > >     at org.apache.kerby.kerberos.kerb.client.KrbHandler.handleRequest(KrbHandler.java:71)
> > >     at org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:40)
> > >     at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.sendIfPossible(DefaultInternalKrbClient.java:118)
> > >     at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:81)
> > >
> > > Thanks,
> > >
> > > Shane
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
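
The `Authorization: Negotiate` header discussed in this thread carries a base64-encoded GSS-API/SPNEGO token (which wraps the AP-REQ), not the DER encoding of the service ticket on its own. The following is an added example, not part of the original thread and not Kerby code: it uses the JDK's JGSS API with a keytab login to build that header. The principal, keytab path and service host are placeholders, and the realm and KDC are assumed to come from the JVM's krb5.conf.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class NegotiateHeader {
    // Placeholders (assumptions): substitute your own principal, keytab and service host.
    static final String PRINCIPAL = "client@EXAMPLE.COM";
    static final String KEYTAB = "/path/to/krb5.keytab";
    static final String SERVICE = "HTTP@service.example.com"; // host-based form of HTTP/service.example.com

    public static void main(String[] args) throws Exception {
        // JAAS keytab login, configured in code instead of a jaas.conf file.
        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, String> opts = Map.of(
                        "useKeyTab", "true", "keyTab", KEYTAB, "principal", PRINCIPAL,
                        "storeKey", "true", "doNotPrompt", "true", "isInitiator", "true");
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext login = new LoginContext("client", null, null, jaas);
        login.login(); // AS exchange: obtains the TGT using the keytab key
        byte[] token = Subject.doAs(login.getSubject(), (PrivilegedExceptionAction<byte[]>) () -> {
            GSSManager manager = GSSManager.getInstance();
            GSSName server = manager.createName(SERVICE, GSSName.NT_HOSTBASED_SERVICE);
            Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
            GSSContext ctx = manager.createContext(server, spnego, null, GSSContext.DEFAULT_LIFETIME);
            try {
                return ctx.initSecContext(new byte[0], 0, 0); // TGS exchange + first context token
            } finally {
                ctx.dispose();
            }
        });
        // A GSS initial context token is DER [APPLICATION 0] (0x60); a bare Ticket starts with 0x61.
        if (token.length == 0 || (token[0] & 0xff) != 0x60) throw new IllegalStateException("not a GSS token");
        System.out.println("Authorization: Negotiate " + Base64.getEncoder().encodeToString(token));
    }
}
```

The first-byte check is also a quick way to diagnose a rejected header: base64-decode the value and confirm it starts with 0x60 rather than 0x61.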
