FW: JBoss Negotiate
Chris
chriscorbell at gmail.com
Sat Mar 14 21:29:45 EDT 2009
On Mar 13, 11:15 am, "Krishnawat, Nagendra"
<Nagendra.Krishna... at westernasset.com> wrote:
> Hi,
>
> I am trying to implement slient authentication using SPNEGO, My app server is JBOSS, Java vs 1.6. After I was done with configuraton during testing I get the following exception:
>
> "Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC"
>
> To enforce KDC to use DES encryption, so I recreated new user with new property of "Use DES encryption type" selected, set SPN and recreated keyTab file using crypto as DES-CBC-CRC.
Try using DES-CBC-MD5 instead. This worked for me when I had the same
error - apparently Windows KDC supports MD5 but not CRC.
Also if that doesn't fix it, if your AD server is Windows 2003 make
sure its upgraded with the lastest service patches (SP3 IIRC - there
was a hotfix to earlier versions to make the KDC honor the requested
encryption type).
hth,
Chris
More information about the Kerberos
mailing list