[30867] in Kerberos
FW: JBoss Negotiate
daemon@ATHENA.MIT.EDU (Krishnawat, Nagendra)
Fri Mar 13 14:37:50 2009
From: "Krishnawat, Nagendra" <Nagendra.Krishnawat@westernasset.com>
To: "'Kerberos@mit.edu'" <Kerberos@mit.edu>
Date: Fri, 13 Mar 2009 11:15:35 -0700

Hi,

I am trying to implement silent authentication using SPNEGO. My app server is JBoss, Java version 1.6. After I was done with configuration, during testing I get the following exception:

"Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC"

To force the KDC to use DES encryption, I recreated a new user with the new property "Use DES encryption type" selected, set the SPN and recreated the keytab file using crypto as DES-CBC-CRC.

I got the same stack trace:

Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:262)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)

This means the KDC is encrypting using RC4, even if the "Use DES encryption type for this account" checkbox is checked.

But I am not very sure that this is a KDC issue, because AP REQ and AP RES are the message exchange between client and server, not between client and KDC.

Can you guide me on where I should make the fix? I am stuck.

-Nagendra
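
The exception in the message above names an encryption type (RC4 with HMAC) for which the acceptor found no key, while the keytab was generated as DES-CBC-CRC. The following is an added example, not part of the original message: Python code that lists the key types stored in a keytab so they can be compared with the type in the error. It assumes the keytab is in the MIT file format, version 0x0502; the principal, realm and key bytes are constructed sample values, and the helper names are hypothetical.

```python
import struct

# Kerberos encryption type numbers relevant to the message above.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def counted(buf, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n].decode(), p + 2 + n

def keytab_entries(data):
    """Return (principal, kvno, etype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        rec, pos, p = data[pos:pos + size], pos + size, 2
        if len(rec) < size:
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, p = counted(rec, p)
        comps = []
        for _ in range(ncomp):
            name, p = counted(rec, p)
            comps.append(name)
        _ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, p)
        p += 13 + klen                # skip fixed fields and the key bytes
        if len(rec) - p >= 4:         # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", rec, p)[0] or kvno
        out.append(("/".join(comps) + "@" + realm, kvno, etype))
    return out

def has_key(entries, principal, etype):
    """True if the keytab holds a key of this etype for the principal."""
    return any(p == principal and e == etype for p, _, e in entries)

def build_entry(realm, comps, kvno, etype, key):
    """Build one keytab record (used only to construct the sample below)."""
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: one DES-CBC-CRC key for a made-up service principal.
SPN = "HTTP/app.example.com@EXAMPLE.COM"
SAMPLE = b"\x05\x02" + build_entry("EXAMPLE.COM", ["HTTP", "app.example.com"], 3, 1, bytes(8))
```

On the sample, `has_key(keytab_entries(SAMPLE), SPN, 23)` is false: the keytab holds only an etype 1 key, so a ticket encrypted with RC4-HMAC could not be decrypted with it.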