KDC has no support for encryption type (14)

G. Venkatesan venk_gv at yahoo.com
Tue Dec 21 11:44:00 EST 2004


Hello All,
    I'm using JAAS(Kerberos) to authenticate user
against Active Directory server(w2k). It works fine
for normal users who has single account. When a user
uses his dummy account, it gives me following error.
Usually admin has two NT accounts, one is the real
account and another is testing NT account(dummy). I
configured krb5.conf with different encryptions but
nothing workes for test account. I really appreciate
any suggestions.

Regards,
Venkat


My Krb5.conf are
#
# All rights reserved.
#
#pram ident    @(#)krb5.conf    1.1 00/12/08

[libdefaults]
    default_realm = TEST.ORG
    #default_checksum = rsa-md5
default_checksum = crc32
#kdc_supported_enctypes = des-cbc-crc:normal
#supported_enctypes = des-cbc-md5:normal
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-crc
#default_etypes = des-cbc-md5;des-cbc-crc
#default_etypes_des = des-cbc-md5
#default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5
des-cbc-crc
#default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5
des-cbc-crc
#permitted_enctypes   = des3-cbc-sha1 des-cbc-md5
des-cbc-crc



# yourdomaincontroller is the name of the domain
controller / active directory server acting as the KDC
in your windows network
[realms]
        TEST.ORG = {
                kdc =TEST-DC01.TEST.ORG
        }


#[domain_realm]
#    .yourdomain.com =TEST.ORG

[logging]
        default = CONSOLE
    kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated
no more
# often than the period, and less often if the KDC is
not used
# frequently.

        period = 1d

# how many versions of kdc.log to keep around
(kdc.log.0, kdc.log.1, ...)

        versions = 10
    }

[appdefaults]
    gkadmin = {
            help_url =
http://localhost:8888/ab2/coll.384.2/SEAM
    }
    kinit = {
        renewable = true
        forwardable= true
    }
    rlogin = {
        forwardable= true
    }
    rsh = {
        forwardable= true
    }
    telnet = {
            autologin = true
        forwardable= true
    }




Exception

     [java] KDC has no support for encryption type
(14)
     [java] Authentication attempt
failed-***LoginException***-WHY FAILED ???jav
ax.security.auth.login.LoginException: KDC has no
support for encryption type (1
4)
     [java] javax.security.auth.login.LoginException:
KDC has no support for enc
ryption type (14)
     [java]     at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:585)
     [java]     at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginM
odule.java:475)
     [java]     at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
     [java]     at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcces
sorImpl.java:39)
     [java]     at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
hodAccessorImpl.java:25)
     [java]     at
java.lang.reflect.Method.invoke(Method.java:324)
     [java]     at
javax.security.auth.login.LoginContext.invoke(LoginContext.ja
va:675)
     [java]     at
javax.security.auth.login.LoginContext.access$000(LoginContex
t.java:129)
     [java]     at
javax.security.auth.login.LoginContext$4.run(LoginContext.jav
a:610)
     [java]     at
java.security.AccessController.doPrivileged(Native
Method)
     [java]     at
javax.security.auth.login.LoginContext.invokeModule(LoginCont
ext.java:607)
     [java]     at
javax.security.auth.login.LoginContext.login(LoginContext.jav
a:534)
     [java]     at
edu.yale.its.tp.cas.auth.provider.KerberosAuthHandler.authent
icate(Unknown Source)
     [java]     at
edu.yale.its.tp.cas.servlet.Login.doGet(Unknown
Source)
     [java]     at
edu.yale.its.tp.cas.servlet.Login.doPost(Unknown
Source)
     [java]     at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
     [java]     at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
     [java]     at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
     [java]     at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
     [java]     at
org.apache.catalina.core.ApplicationDispatcher.invoke(Applica
tionDispatcher.java:703)
     [java]     at
org.apache.catalina.core.ApplicationDispatcher.processRequest
(ApplicationDispatcher.java:463)
     [java]     at
org.apache.catalina.core.ApplicationDispatcher.doForward(Appl
icationDispatcher.java:398)
     [java]     at
org.apache.catalina.core.ApplicationDispatcher.forward(Applic
ationDispatcher.java:312)
     [java]     at
org.apache.jasper.runtime.PageContextImpl.doForward(PageConte
xtImpl.java:670)
     [java]     at
org.apache.jasper.runtime.PageContextImpl.forward(PageContext
Impl.java:637)
     [java]     at
org.apache.jsp.index_jsp._jspService(index_jsp.java:42)
     [java]     at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.jav
a:94)
     [java]     at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
     [java]     at
org.apache.jasper.servlet.JspServletWrapper.service(JspServle
tWrapper.java:298)
     [java]     at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServle
t.java:292)
     [java]     at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:
236)
     [java]     at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
     [java]     at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
     [java]     at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
     [java]     at
org.apache.catalina.core.StandardWrapperValve.invoke(Standard
WrapperValve.java:214)
     [java]     at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
     [java]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
     [java]     at
org.apache.catalina.core.StandardContextValve.invokeInternal(
StandardContextValve.java:198)
     [java]     at
org.apache.catalina.core.StandardContextValve.invoke(Standard
ContextValve.java:152)
     [java]     at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
     [java]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
     [java]     at
org.apache.catalina.core.StandardHostValve.invoke(StandardHos
tValve.java:137)
     [java]     at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
     [java]     at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepor
tValve.java:117)
     [java]     at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:102)
     [java]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
     [java]     at
org.apache.catalina.core.StandardEngineValve.invoke(StandardE
ngineValve.java:109)
     [java]     at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
     [java]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
     [java]     at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.j
ava:929)
     [java]     at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter
.java:160)
     [java]     at
org.apache.coyote.http11.Http11Processor.process(Http11Proces
sor.java:793)
     [java]     at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandl
er.processConnection(Http11Protocol.java:702)
     [java]     at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpo
int.java:571)
     [java]     at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:644)
     [java]     at
java.lang.Thread.run(Thread.java:534)
     [java] Caused by: KrbException: KDC has no
support for encryption type (14)

     [java]     at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:67)
     [java]     at
sun.security.krb5.KrbAsReq.getReply(DashoA6275:315)
     [java]     at
sun.security.krb5.Credentials.acquireTGT(DashoA6275:352)
     [java]     at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:576)
     [java]     ... 55 more
     [java] Caused by: KrbException: Identifier
doesn't match expected value (90
6)
     [java]     at
sun.security.krb5.internal.af.a(DashoA6275:134)
     [java]     at
sun.security.krb5.internal.at.a(DashoA6275:63)
     [java]     at
sun.security.krb5.internal.at.<init>(DashoA6275:58)
     [java]     at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:53)
     [java]     ... 58 more



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Kerberos mailing list