[30869] in Kerberos
Re: FW: JBoss Negotiate
daemon@ATHENA.MIT.EDU (Chris)
Sun Mar 15 17:22:43 2009
From: Chris <chriscorbell@gmail.com>
Date: Sat, 14 Mar 2009 18:29:45 -0700 (PDT)
Message-ID: <191b692c-84d7-4ad0-a9d7-ade3c8de8d76@q30g2000prq.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Mar 13, 11:15 am, "Krishnawat, Nagendra"
<Nagendra.Krishna...@westernasset.com> wrote:
> Hi,
>
> I am trying to implement slient authentication using SPNEGO, My app server is JBOSS, Java vs 1.6. After I was done with configuraton during testing I get the following exception:
>
> "Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC"
>
> To enforce KDC to use DES encryption, so I recreated new user with new property of "Use DES encryption type" selected, set SPN and recreated keyTab file using crypto as DES-CBC-CRC.
Try using DES-CBC-MD5 instead. This worked for me when I had the same
error - apparently Windows KDC supports MD5 but not CRC.
Also if that doesn't fix it, if your AD server is Windows 2003 make
sure its upgraded with the lastest service patches (SP3 IIRC - there
was a hotfix to earlier versions to make the KDC honor the requested
encryption type).
hth,
Chris
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
