Alright, thanks. We will try once more from scratch. -----Original Message----- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: donderdag 23 oktober 2014 20:42 To: Tomcat Users List Subject: Re: Built-in Tomcat Support for Windows Authentication
Am 23.10.2014 um 11:07 schrieb Philippe Wijdh: > Hi, > > Thank you for the response. > The initial setup of the spn and the keytab was without the port-number, the > registry key was a suggestion found on internet but this setting does not > change the outcome. > > The command kinit on the Tomcat server returns the following > > > C:\MyPrograms\Tomcat7\conf>set > KRB5_CONFIG=C:\MyPrograms\Tomcat7\conf\krb5.conf > > > C:\MyPrograms\Tomcat7\conf>c:\MyPrograms\Java\jdk1.7.0_60\bin\kinit > -J-Djava.sec urity.krb5.conf=C:\MyPrograms\Tomcat7\conf\krb5.conf > -J-Djava.security.auth.logi > n.config=C:\MyPrograms\Tomcat7\conf\jaas.conf > -J-Dsun.security.krb5.debug=true - k -t > C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab > HTTP/v3tcat4ad.assai.nl:8080@A SSAI.NL HTTP/v3tcat4ad.assai.nl:8...@assai.nl is the wrong spn. You have to use one without the port number (as described in the docs). Maybe it would be best to follow Mark's advice and start with a fresh system and follow step for step the documentation. Felix >>>> KinitOptions cache name is C:\Users\TestUser\krb5cc_testuser > Principal is HTTP/v3tcat4ad.assai.nl:8...@assai.nl >>>> Kinit using keytab >>>> Kinit keytab file name: >>>> C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab > Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf > Loaded from Java config >>>> Kinit realm name is ASSAI.NL >>>> Creating KrbAsReq >>>> KrbKdcReq local addresses for V3TCAT4AD are: > V3TCAT4AD/10.1.0.67 > IPv4 address > > V3TCAT4AD/fe80:0:0:0:d815:81c0:97e7:11d2%11 > IPv6 address >>>> KdcAccessibility: reset >>>> KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, >>>> readName(): HTTP KeyTabInputStream, readName(): >>>> v3tcat4ad.assai.nl:8080 >>>> KeyTab: load() entry length: 72; type: 23 > Added key: 23version: 0 > Ordering keys wrt default_tkt_enctypes list default etypes for > default_tkt_enctypes: 23 18 17. > default etypes for default_tkt_enctypes: 23 18 17. >>>> KrbAsReq creating message >>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >>>> of retries > =3, #bytes=198 >>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=30000,Attempt >>>> =1, #byt > es=198 >>>> KrbKdcReq send: #bytes read=173 >>>> Pre-Authentication Data: > PA-DATA type = 11 > PA-ETYPE-INFO etype = 23, salt = > >>>> Pre-Authentication Data: > PA-DATA type = 19 > PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null > >>>> Pre-Authentication Data: > PA-DATA type = 2 > PA-ENC-TIMESTAMP >>>> Pre-Authentication Data: > PA-DATA type = 16 > >>>> Pre-Authentication Data: > PA-DATA type = 15 > >>>> KdcAccessibility: remove v3dom1.assai.nl:88 >>>> KDCRep: init() encoding tag is 126 req type is 11 >>>> KRBError: > sTime is Thu Oct 23 10:21:31 CEST 2014 1414052491000 > suSec is 776700 > error code is 25 > error Message is Additional pre-authentication required > realm is ASSAI.NL > sname is krbtgt/ASSAI.NL > eData provided. > msgType is 30 >>>> Pre-Authentication Data: > PA-DATA type = 11 > PA-ETYPE-INFO etype = 23, salt = > >>>> Pre-Authentication Data: > PA-DATA type = 19 > PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null > >>>> Pre-Authentication Data: > PA-DATA type = 2 > PA-ENC-TIMESTAMP >>>> Pre-Authentication Data: > PA-DATA type = 16 > >>>> Pre-Authentication Data: > PA-DATA type = 15 > > KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for > default_tkt_enctypes: 23 18 17. > Added key: 23version: 0 > Ordering keys wrt default_tkt_enctypes list default etypes for > default_tkt_enctypes: 23 18 17. > Added key: 23version: 0 > Ordering keys wrt default_tkt_enctypes list default etypes for > default_tkt_enctypes: 23 18 17. > default etypes for default_tkt_enctypes: 23 18 17. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsReq creating message >>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >>>> of retries > =3, #bytes=283 >>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=30000,Attempt >>>> =1, #byt > es=283 >>>> KrbKdcReq send: #bytes read=88 >>>> KrbKdcReq send: kdc=v3dom1.assai.nl TCP:88, timeout=30000, number >>>> of retries > =3, #bytes=283 >>>> KDCCommunication: kdc=v3dom1.assai.nl TCP:88, timeout=30000,Attempt >>>> =1, #byt > es=283 >>>> DEBUG: TCPClient reading 1496 bytes KrbKdcReq send: #bytes >>>> read=1496 >>>> KdcAccessibility: remove v3dom1.assai.nl:88 > Added key: 23version: 0 > Ordering keys wrt default_tkt_enctypes list default etypes for > default_tkt_enctypes: 23 18 17. >>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>> KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 > New ticket is stored in cache file C:\Users\TestUser\krb5cc_testuser > > C:\MyPrograms\Tomcat7\conf>klist > > Current LogonId is 0:0x13380b5c > > Cached Tickets: (0) > > > > > Kind regards, > > Philippe Wijdh > Senior Programmer > > Assai software services BV, Parallelweg Oost 13a, 4103 NC, Culemborg, > The Netherlands > P: +31 (0)345 516 663, E: p.wi...@assai.nl, W: > www.assai-software.com > > -----Original Message----- > From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] > Sent: donderdag 23 oktober 2014 7:53 > To: Tomcat Users List > Subject: Re: Built-in Tomcat Support for Windows Authentication > > > > Am 22. Oktober 2014 11:40:56 MESZ, schrieb Philippe Wijdh <p.wi...@assai.nl>: >> Hello, >> >> We have spent a long time now, trying to set up Apache Tomcat with >> Windows Authentication. >> We followed the instructions as per >> http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but >> we cannot make it work properly, the logon dialog keeps appearing and >> trying to log on fails. >> Additional to that we tried suggestions, like adding the registry key >> AllowTgtSessionKey and setting it to 0x01 > Haven't seen that recommendation in the tomcat documentation. > > >> Seems like we are close but we are missing something (see tomcat >> output >> below) >> Does anyone have a more complete documentation or have any >> suggestions on how to make this work. >> >> >> Kind regards, >> >> Philippe Wijdh >> >> >> >> Extra information on the setup: >> >> Windows 2008 r2 sp1 >> Apache Tomcat 7.0.54 >> jdk1.7.0_60 >> >> Tomcat is running as a service using account >> HTTP/v3tcat4ad.assai.nl:8080 (have created spn with and without the >> port number, does not make a difference) > You will have to use the spn without the port. > >> Test is done with user testu...@assai.nl<mailto:testu...@assai.nl> in >> IE11 on different machines, with http://v3tcat4ad.assai.nl explicitly >> added to the Intranet sites. >> >> >> >> Tomcat Output: >> >>>>> KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, >>>>> readName(): HTTP KeyTabInputStream, readName(): >>>>> v3tcat4ad.assai.nl:8080 > What is inside your keytab? > >>>>> KeyTab: load() entry length: 72; type: 23 >> Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf >> Loaded from Java config >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >>>>> KdcAccessibility: reset >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=152 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=152 >>>>> KrbKdcReq send: #bytes read=173 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >>>>> KDCRep: init() encoding tag is 126 req type is 11 >>>>> KRBError: >> sTime is Wed Oct 22 09:53:56 CEST 2014 1413964436000 >> suSec is 403143 >> error code is 25 >> error Message is Additional pre-authentication required >> realm is ASSAI.NL >> sname is krbtgt/ASSAI.NL >> eData provided. >> msgType is 30 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes >> for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=235 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=235 >>>>> KrbKdcReq send: #bytes read=1446 >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 > This is the wrong spn. The port number should not be there. > > Regards > Felix > >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, >> sun.security.jgss.spnego.SpNegoCredElement) >> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, >> sun.security.jgss.krb5.Krb5AcceptCredential) >> Found KeyTab >> Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=152 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=152 >>>>> KrbKdcReq send: #bytes read=173 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >>>>> KDCRep: init() encoding tag is 126 req type is 11 >>>>> KRBError: >> sTime is Wed Oct 22 09:54:12 CEST 2014 1413964452000 >> suSec is 996893 >> error code is 25 >> error Message is Additional pre-authentication required >> realm is ASSAI.NL >> sname is krbtgt/ASSAI.NL >> eData provided. >> msgType is 30 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes >> for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=235 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=235 >>>>> KrbKdcReq send: #bytes read=1446 >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, >> sun.security.jgss.spnego.SpNegoCredElement) >> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, >> sun.security.jgss.krb5.Krb5AcceptCredential) >> Found KeyTab >> Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl >> Entered Krb5Context.acceptSecContext with state=STATE_NEW Added key: >> 23version: 0 Ordering keys wrt default_tkt_enctypes list default >> etypes for default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=152 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=152 >>>>> KrbKdcReq send: #bytes read=173 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >>>>> KDCRep: init() encoding tag is 126 req type is 11 >>>>> KRBError: >> sTime is Wed Oct 22 09:54:56 CEST 2014 1413964496000 >> suSec is 543768 >> error code is 25 >> error Message is Additional pre-authentication required >> realm is ASSAI.NL >> sname is krbtgt/ASSAI.NL >> eData provided. >> msgType is 30 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes >> for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=235 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=235 >>>>> KrbKdcReq send: #bytes read=1446 >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, >> sun.security.jgss.spnego.SpNegoCredElement) >> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, >> sun.security.jgss.krb5.Krb5AcceptCredential) >> Found KeyTab >> Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl >> 09:55:00.008 [QuartzScheduler_Worker-1] DEBUG >> org.quartz.core.JobRunShell - Calling execute on job >> DEFAULT.reportsJob >> 09:55:00.008 [QuartzScheduler_Worker-1] DEBUG >> org.quartz.core.JobRunShell - Calling execute on job >> DEFAULT.reportsJob Added key: 23version: 0 Ordering keys wrt >> default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=152 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=152 >>>>> KrbKdcReq send: #bytes read=173 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >>>>> KDCRep: init() encoding tag is 126 req type is 11 >>>>> KRBError: >> sTime is Wed Oct 22 09:55:15 CEST 2014 1413964515000 >> suSec is 715643 >> error code is 25 >> error Message is Additional pre-authentication required >> realm is ASSAI.NL >> sname is krbtgt/ASSAI.NL >> eData provided. >> msgType is 30 >>>>> Pre-Authentication Data: >> PA-DATA type = 11 >> PA-ETYPE-INFO etype = 23, salt = >> >>>>> Pre-Authentication Data: >> PA-DATA type = 19 >> PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null >> >>>>> Pre-Authentication Data: >> PA-DATA type = 2 >> PA-ENC-TIMESTAMP >>>>> Pre-Authentication Data: >> PA-DATA type = 16 >> >>>>> Pre-Authentication Data: >> PA-DATA type = 15 >> >> KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes >> for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> default etypes for default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsReq creating message >>>>> KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=30000, number >> of retries =3, #bytes=235 >>>>> KDCCommunication: kdc=v3dom1.assai.nl UDP:88, >>>>> timeout=30000,Attempt >> =1, #bytes=235 >>>>> KrbKdcReq send: #bytes read=1446 >>>>> KdcAccessibility: remove v3dom1.assai.nl:88 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 >> Added key: 23version: 0 >> Ordering keys wrt default_tkt_enctypes list default etypes for >> default_tkt_enctypes: 23 18 17. >> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, >> sun.security.jgss.spnego.SpNegoCredElement) >> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, >> sun.security.jgss.krb5.Krb5AcceptCredential) >> Found KeyTab >> Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl >> Entered Krb5Context.acceptSecContext with state=STATE_NEW Added key: >> 23version: 0 Ordering keys wrt default_tkt_enctypes list default >> etypes for default_tkt_enctypes: 23 18 17. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org