我收到以下异常。尝试使用Kerberos进行SSO时:
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Invalid argument (400) - Cannot find key of appropriate type to
decrypt AP REP - RC4 with HMAC)
我正在使用Ktpass生成密钥。当我使用默认的加密选项时,它可以工作。 但是当我添加' -crypto AES256-SHA1'在Ktpass命令中,调用函数org.ietf.jgss.GSSContext.acceptSecContext
时抛出以下异常我正在使用Java 8开发apache-tomact。
我的krb5.conf是
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
答案 0 :(得分:0)
你的krb5.conf中应该有默认的 tkt 和 tgs enctypes
由于您的配置似乎有效但不能使用crypto选项= AES256-SHA1,请将以下值添加到您的krb5.conf(在 [libdefaults] 下):
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96