Encryption types

Richard Gundersen richardgundersen at hotmail.com
Thu Apr 8 12:37:37 EDT 2004


Hi

I'm sorry to post such a simple question here but I have been trying for two 
days to get a Java client-server example working with no success (actually 
from the tutorial on Sun's website). I'm using MIT out of the box, but my 
'server' complains about the encryption type not being supported when my 
'client' tries to communicate with it. Both programs can authenticate 
against the KDC fine, but they cant talk to each other.

My krb5.conf file looks like this:

+++++++++++++++++++++++++
[libdefaults]
default_keytab_name =c:/j2sdk1.4.2_04/jre/lib/security/spnego.keytab
default_realm = EXPERIMENTAL.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
default_checksum = rsa-md5
kdc_timesync = 0
kdc_default_options = 0x40000010
clockskew = 300
check_delegate = 0
ccache_type = 3
kdc_timeout = 60000


[realms]
EXPERIMENTAL.COM = {
  kdc = linux.experimental.com:88
  admin_server = linux.experimental.com:749
  default_domain = experimental.com
}

[domain_realm]
.experimental.com = experimental.COM
++++++++++++++++++++++++++++

This is the error message that I now know off by heart:
"Failure unspecified at GSS-API level (Mechanism level: KDC has no support 
for encryption type (14))"

If anyone could tell me how the syntax should be, I'd be really grateful. Or 
point me in the direction of some good documentation (good Java/GSS docs 
seem to be a bit hard to come by...)

Also, as a bonus question - what are people's opinions on Kerberos support 
in Java? Is it up to the job yet or is it still quite immature?

Regards

Richard

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger 
http://www.msn.co.uk/messenger



More information about the Kerberos mailing list