Java can't find my principal name in my own keytab file?
I was expecting Java JAAS module to generate a TGT when it finds the principal in my keytab file. I also used kinit on the same keytab file and that does work.
Although JAAS finds the keytab as instructed through the config file, i get the next message:
...
Native config name: C:\Windows\krb5.ini
getRealmFromDNS: trying YEF.GSC.RD
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\tester1\krb5cc_tester1
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
LSA: Found KrbCreds constructor
LSA: Got handle to Kerberos package
LSA: Response size is 0
LSA: Error calling function Protocol status: 1312
LSA: A specified logon session does not exist. It may already have been terminated.
>>> Found no TGT's in LSA
Principal is [email protected]
null credentials from Ticket Cache
Looking for keys for: [email protected]
Key for the principal [email protected] not available in c:/user/tester1/keytab
(I used the debug flag -Dsun.security.krb5.debug=true to get these details, and ran it standalone instead of webstart, just to get stuff started without the webstart startup overhead)
The config file says:
WEBSTART_CLIENT_CONTEXT {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
doNotPrompt=false
principal=john
renewTGT=true
useKeyTab=true
keyTab="c:/user/tester1/keytab"
debug=true;
};
The keytab file which i generated locally on the client machine is:
c:\Users\tester1>klist -k -t -K -e keytab
Key tab: keytab, 6 entries found.
[1] Service principal: [email protected]
KVNO: 1
Key type: 17
Key: 0x2dccdcd29d17e2719eb5af9f1b0f7448
Time stamp: Oct 30, 2015 15:37:02
[2] Service principal: [email protected]
KVNO: 1
Key type: 16
Key: 0xcd10890becd5fbcb526e9104765116807a5ecd38da762ab0
Time stamp: Oct 30, 2015 15:37:02
[3] Service principal: [email protected]
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Oct 30, 2015 15:37:02
[4] Service principal: [email protected]
KVNO: 1
Key type: 17
Key: 0x7d4b7a98e179d7284dcd7ff3a69c890e
Time stamp: Nov 02, 2015 13:24:37
[5] Service principal: [email protected]
KVNO: 1
Key type: 16
Key: 0x4ca17a0b2a58679207162cf13864c143d05e869101b5a2ef
Time stamp: Nov 02, 2015 13:24:37
[6] Service principal: [email protected]
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Nov 02, 2015 13:24:37
But for some reason JAAS can't find [email protected] , as it says:
Key for the principal [email protected] not available in c:/user/tester1/keytab
Someone on internet mentioned KVNO to be 0. So i also tested that using:
ktab -k keytab -a [email protected] -n 0
But the exact same error happened. Would like to know what java expects to find in the keytab..
Using Java 1.8.0 on Windows 7 machine
Your problem is most probably related to a path error. On your configuration you use the path keyTab="c:/user/tester1/keytab" and when you check it with the klist tool you use another path c:\Users\tester1>.
Your configuration should point to the right path. Giving that this isn't a Typo it should be:
keyTab="c:/Users/tester1/keytab"