apache tomcat

时间:2017-06-19 14:21:47

标签: tomcat kerberos spring-security-kerberos

我收到以下异常。尝试使用Kerberos进行SSO时:

GSSException: Failure unspecified at GSS-API level (Mechanism level:
Invalid argument (400) - Cannot find key of appropriate type to
decrypt AP REP - RC4 with HMAC)

我正在使用Ktpass生成密钥。当我使用默认的加密选项时,它可以工作。 但是当我添加' -crypto AES256-SHA1'在Ktpass命令中,调用函数org.ietf.jgss.GSSContext.acceptSecContext

时抛出以下异常

我正在使用Java 8开发apache-tomact。

我的krb5.conf是

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

1 个答案:

答案 0 :(得分:0)

你的krb5.conf中应该有默认的 tkt tgs enctypes

由于您的配置似乎有效但不能使用crypto选项= AES256-SHA1,请将以下值添加到您的krb5.conf(在 [libdefaults] 下):

default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96