我使用jer 6 + tomcat 7使用kerberos配置了SSO,每个工作都正常。
它无法在jre7u60 + tomcat 7.0中使用以下错误消息
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.emc.documentum.kerberos.utility.KerberosUtility.createLoginContext(KerberosUtility.java:193)
... 20 more
Caused by: KrbException: Client not found in Kerberos database (6)
at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.send(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.action(Unknown Source)
... 34 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.<init>(Unknown Source)
... 37 more
在下面找到krb5.ini&amp; .conf文件
krb5.ini
[libdefaults]
default_realm = eu.xyz.com
ticket_lifetime = 24h
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
[realms]
eu.xyz.com= {
kdc = EUDC07.eu.xyz.com
admin_server = EUDC07.eu.xyz.com
default_domain = eu.xyz.com
}
ktb5login.conf
HTTP-wsv000910-eu-xyz-com
{
com.sun.security.auth.module.Krb5LoginModule required
refreshKrb5Config=false
useKeyTab=true
doNotPrompt=true
noTGT=true
principal="HTTP/wsv000910.eu.xyz.com"
realm="eu.xyz.com"
debug=true
keyTab="D:\\apps\\http_wsv000910.keytab";
};
答案 0 :(得分:0)
不确定它是否相关,但我们发现在使用ktab.exe创建keytab时,使用Java 7时,必须在命令行中添加其他参数“-n 0”。