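Java 1.8 JAAS does not recognize the principal in my self-generated keytab

Date: 2015-11-04 12:55:37

Tags: java java-8 kerberos jaas gssapi

Java can't find my principal name in my own keytab file? I expected the Java JAAS module to generate a TGT when it finds the principal in my keytab file. I also used kinit on the same keytab file, and that does work.

Although JAAS finds the keytab as directed by the configuration file, I get the following message: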

...
Native config name: C:\Windows\krb5.ini
getRealmFromDNS: trying YEF.GSC.RD
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\tester1\krb5cc_tester1
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
LSA: Found KrbCreds constructor
LSA: Got handle to Kerberos package
LSA: Response size is 0
LSA: Error calling function Protocol status: 1312
LSA: A specified logon session does not exist. It may already have been terminated.
>>> Found no TGT's in LSA
Principal is john@YEF.GSC.RD
null credentials from Ticket Cache
Looking for keys for: john@YEF.GSC.RD
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab

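(I used the debug flag -Dsun.security.krb5.debug=true to get these details, and ran it standalone rather than through Web Start, just to launch it without the Web Start startup overhead.)

The configuration file says: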

  WEBSTART_CLIENT_CONTEXT {
       com.sun.security.auth.module.Krb5LoginModule required 
       useTicketCache=true
       doNotPrompt=false   
       principal=john
       renewTGT=true
       useKeyTab=true
       keyTab="c:/user/tester1/keytab"
       debug=true; 
    };  

The keytab file I generated locally on the client machine is:

c:\Users\tester1>klist -k -t -K -e keytab

Key tab: keytab, 6 entries found.

[1] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 17
         Key: 0x2dccdcd29d17e2719eb5af9f1b0f7448
         Time stamp: Oct 30, 2015 15:37:02
[2] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 16
         Key: 0xcd10890becd5fbcb526e9104765116807a5ecd38da762ab0
         Time stamp: Oct 30, 2015 15:37:02
[3] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 23
         Key: 0xb9218bada80f02c685e1958a5042f5fc
         Time stamp: Oct 30, 2015 15:37:02
[4] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 17
         Key: 0x7d4b7a98e179d7284dcd7ff3a69c890e
         Time stamp: Nov 02, 2015 13:24:37
[5] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 16
         Key: 0x4ca17a0b2a58679207162cf13864c143d05e869101b5a2ef
         Time stamp: Nov 02, 2015 13:24:37
[6] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 23
         Key: 0xb9218bada80f02c685e1958a5042f5fc
         Time stamp: Nov 02, 2015 13:24:37

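But for some reason JAAS cannot find john@YEF.GSC.RD, because it says:

Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab

Someone on the internet mentioned using a KVNO of 0, so I tested that as well:

ktab -k keytab -a john@YEF.GSC.RD -n 0

But exactly the same error occurred. I wonder what Java expects to find in the keytab...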

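Using Java 1.8.0 on a Windows 7 machine.

1 answer:

Answer 0 (score: 0)

Your problem is most likely related to a wrong path. In your configuration you use the path keyTab="c:/user/tester1/keytab", whereas when you check with the klist tool you use a different path, c:\Users\tester1>

Your configuration should point to the correct path. Assuming this is not a typo, it should be: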

keyTab="c:/Users/tester1/keytab"
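
An added diagnostic example, not part of the original question or answer: the login module in the question reported only that the key was not available, which per the answer can also come from a wrong path. The class name `KeytabCheck` and its `Result` enum are hypothetical; the default path and principal are the values from the question.

```java
// Added diagnostic example; not code from the question or the answer.
import java.io.File;
import java.io.IOException;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

public class KeytabCheck {
    enum Result { FILE_MISSING, FILE_UNREADABLE, NO_KEYS_FOR_PRINCIPAL, OK }

    // Distinguishes a wrong keytab path from a keytab that lacks the principal,
    // using the public javax.security.auth.kerberos API (available since Java 7).
    static Result check(File file, String principalName) {
        if (!file.isFile()) {
            return Result.FILE_MISSING;
        }
        if (!file.canRead()) {
            return Result.FILE_UNREADABLE;
        }
        KeyTab keyTab = KeyTab.getInstance(file);
        KerberosKey[] keys = keyTab.getKeys(new KerberosPrincipal(principalName));
        if (keys.length == 0) {
            return Result.NO_KEYS_FOR_PRINCIPAL;
        }
        for (KerberosKey key : keys) {
            // Print only metadata, never the key bytes.
            System.out.printf("  etype=%d kvno=%d%n", key.getKeyType(), key.getVersionNumber());
        }
        return Result.OK;
    }

    public static void main(String[] args) throws IOException {
        // Defaults are the values from the question; override on the command line.
        String path = args.length > 0 ? args[0] : "c:/user/tester1/keytab";
        String principal = args.length > 1 ? args[1] : "john@YEF.GSC.RD";
        File file = new File(path);
        System.out.println("Configured path: " + path);
        System.out.println("Resolves to:     " + file.getCanonicalPath());
        System.out.println("Principal:       " + principal);
        Result result = check(file, principal);
        System.out.println("Result:          " + result);
        System.exit(result == Result.OK ? 0 : 1);
    }
}
```

Run it with the exact `keyTab` value from the JAAS configuration as the first argument, so the file being tested is the one the login module opens rather than the one `klist` was pointed at.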