Hi all,
I am trying to use SSO functionality for my app.

apache-tomcat-7.0.61
windows server 2008 R2
java 1.8.0_25
active directory machine ( DOMAIN-ad)
tomcat instance machine (windows-sso-demo)
username (ss0ad...@domain.com)
password (XXXXXX)


krb5.ini


[libdefaults]
default_realm = DOMAIN.COM
default_keytab_name = FILE:c:\apache-tomcat-7.0.61\conf\test.keytab
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES3-CBC-SHA1 DES-CBC-MD5 DES-CBC-CRC
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES3-CBC-SHA1 DES-CBC-MD5 DES-CBC-CRC
permitted_enctypes =  AES256-CTS AES128-CTS RC4-HMAC DES3-CBC-SHA1 DES-CBC-MD5 DES-CBC-CRC
forwardable=true

[realms]
DOMAIN.COM= {
        kdc = DOMAIN-ad:88
        default_domain = DOMAIN.com
}

[domain_realm]
domain.com=DOMAIN.COM
.domain.com= DOMAIN.COM

[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true

test.keytab

C:\Users\Administrator>ktpass -princ HTTP/windows-sso-demo.domain.com@DOMAIN.COM -mapuser ssoadmin -pass P@ssw0rd -crypto all -kvno 0 -ptype KRB5_NT_PRINCIPAL -out test.keytab


C:\Users\ssoadmin>kinit ssoadmin
Password for ssoad...@domain.com:
New ticket is stored in cache file C:\Users\ssoadmin\krb5cc_ssoadmin


C:\Users\ssoadmin>kinit -k -t test.keytab
Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:  No error
KrbException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:
        at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
        at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)


CAN YOU PLEASE HELP ME
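
Added example, not part of the original post: the error above compares the key types found in the keytab with the list in default_tkt_enctypes, and this Python script lists the principals and key types a keytab holds and reports which configured types a given principal has a key for. It assumes the version 0x0502 keytab file layout; the function names and the sample keytab (all-zero keys) are constructed for illustration.

```python
import struct

# Kerberos enctype numbers, named the way the krb5.ini above spells them.
ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 16: "DES3-CBC-SHA1",
          17: "AES128-CTS", 18: "AES256-CTS", 23: "RC4-HMAC"}

def _counted(buf, off):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        rec, pos = data[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:                 # negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        parts, p = [], 2
        for _ in range(ncomp + 1):    # realm first, then the name components
            text, p = _counted(rec, p)
            parts.append(text)
        _ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, p)
        p += 13 + klen                # skip the fixed fields and the key bytes
        if len(rec) - p >= 4:         # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", rec, p)[0] or kvno
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno,
                        ETYPES.get(etype, "etype-%d" % etype)))
    return entries

def usable_etypes(entries, principal, configured):
    """Configured enctypes (krb5.ini order) for which `principal` has a key."""
    held = {e for name, _kvno, e in entries if name == principal}
    return [c for c in configured.upper().split() if c in held]

def _entry(realm, comps, kvno, etype, key):
    """Build one keytab record for the constructed sample (all-zero keys)."""
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

SPN = ["HTTP", "windows-sso-demo.domain.com"]  # constructed sample, SPN from the ktpass line
SAMPLE = b"\x05\x02" + b"".join(
    _entry("DOMAIN.COM", SPN, 0, t, bytes(n)) for t, n in ((23, 16), (18, 32)))
```

To inspect a real file, pass its bytes (for example the contents of test.keytab read in binary mode) to parse_keytab; an empty result from usable_etypes means the keytab holds no key of any configured type for that principal name.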
