Question

We have two different applications in our network, both use Kerberos to authenticate users. One of them makes problems when the max. ticket lifetime has expired.

Successful request with application x:

AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_REQUIRED
AS-REQ => 
    <= AS-REP

Unsuccessful request with application y:

AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_REQUIRED
AS-REQ =>
    <= KRB5KDC_ERR_PREAUTH_FAILED

The only difference we can see in network captures is that app x uses NT-PRINCIPAL, while app y uses NT-ENTERPRISE. App y runs on Java 1.6, so the preauth bug from earlier versions shouldn't occur.

Any ideas are highly appreciated.

Solution

I think that the solution to this issue was to re-generate our keytabs with the "/crypto All" option, but I'm not 100% sure. At least we had no more complaints after that.
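
To confirm which encryption types a keytab actually holds before and after regenerating it, the file can be parsed directly. The following is an added example, not code from the original post; it assumes the keytab uses the MIT file format version 0x0502, and the principal, realm and all-zero keys in the sample are constructed.

```python
import struct

# Kerberos enctype numbers (IANA registry) commonly found in AD keytabs.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(buf, pos):
    """Read a uint16 length-prefixed octet string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def keytab_etypes(data):
    """Map 'principal@REALM' to a sorted list of (kvno, enctype name)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab file format 0x0502 is handled")
    out, pos = {}, 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                 # zero length: end of entries
            break
        if size < 0:                  # negative length: deleted entry, skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        parts, p = [], pos + 2
        for _ in range(ncomp + 1):    # realm first, then the name components
            part, p = counted(data, p)
            parts.append(part.decode())
        kvno = data[p + 8]            # after 4-byte name type, 4-byte timestamp
        (etype,) = struct.unpack_from(">H", data, p + 9)
        _key, p = counted(data, p + 11)
        if end - p >= 4:              # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        name = "/".join(parts[1:]) + "@" + parts[0]
        out.setdefault(name, []).append((kvno, ETYPES.get(etype, f"etype-{etype}")))
        pos = end
    return {name: sorted(keys) for name, keys in out.items()}

def sample_entry(etype, key, kvno=3):
    """Build one constructed entry for HTTP/app.example.test@EXAMPLE.TEST."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.TEST") + cs(b"HTTP") + cs(b"app.example.test")
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key))
    return struct.pack(">i", len(body)) + body

# Constructed sample (all-zero keys): one RC4 and one AES256 key, kvno 3.
SAMPLE = b"\x05\x02" + sample_entry(23, bytes(16)) + sample_entry(18, bytes(32))
```

On a real file, pass the raw bytes, e.g. `keytab_etypes(open(path, "rb").read())`, and compare the listed enctypes and kvno with what the KDC offers in its KRB5KDC_ERR_PREAUTH_REQUIRED reply.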

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow