KDC has no support for encryption type (14)
G. Venkatesan
venk_gv at yahoo.com
Tue Dec 21 11:44:00 EST 2004
Hello All,
I'm using JAAS (Kerberos) to authenticate users
against an Active Directory server (w2k). It works fine
for normal users who have a single account. When a user
uses his dummy account, it gives me the following error.
Usually an admin has two NT accounts: one is the real
account and the other is a testing NT account (dummy). I
configured krb5.conf with different encryption types, but
nothing works for the test account. I would really appreciate
any suggestions.
Regards,
Venkat
My krb5.conf is:
#
# All rights reserved.
#
#pragma ident @(#)krb5.conf 1.1 00/12/08
# Client-wide Kerberos defaults: realm, checksum type and the enctypes this
# client requests for initial (TGT) and service tickets.
# NOTE(review): the "(14)" in the reported error is presumably the Kerberos error
# code KDC_ERR_ETYPE_NOSUPP (RFC 4120), not an enctype number: the KDC holds no
# key for this principal in any enctype the client offered. Confirm against the
# test account's settings on the KDC.
[libdefaults]
default_realm = TEST.ORG
#default_checksum = rsa-md5
# NOTE(review): crc32 is an unkeyed, non-cryptographic checksum; it gives no
# integrity protection against deliberate modification.
default_checksum = crc32
#kdc_supported_enctypes = des-cbc-crc:normal
#supported_enctypes = des-cbc-md5:normal
# NOTE(review): des-cbc-md5 and des-cbc-crc are single-DES enctypes (56-bit key),
# deprecated for Kerberos by RFC 6649. Restricting the client to them means every
# account it authenticates must carry a DES key on the KDC. Prefer the strongest
# enctype that both the KDC and this JRE support, and keep DES only as a
# documented, temporary interoperability exception.
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-crc
#default_etypes = des-cbc-md5;des-cbc-crc
#default_etypes_des = des-cbc-md5
#default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
#default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
#permitted_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
# yourdomaincontroller is the name of the domain controller / active directory
# server acting as the KDC in your windows network
[realms]
TEST.ORG = {
kdc =TEST-DC01.TEST.ORG
}
#[domain_realm]
# .yourdomain.com =TEST.ORG
[logging]
default = CONSOLE
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
gkadmin = {
help_url =
http://localhost:8888/ab2/coll.384.2/SEAM
}
kinit = {
renewable = true
forwardable= true
}
rlogin = {
forwardable= true
}
rsh = {
forwardable= true
}
telnet = {
autologin = true
forwardable= true
}
Exception
[java] KDC has no support for encryption type
(14)
[java] Authentication attempt
failed-***LoginException***-WHY FAILED ???jav
ax.security.auth.login.LoginException: KDC has no
support for encryption type (1
4)
[java] javax.security.auth.login.LoginException:
KDC has no support for enc
ryption type (14)
[java] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:585)
[java] at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginM
odule.java:475)
[java] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
[java] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcces
sorImpl.java:39)
[java] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
hodAccessorImpl.java:25)
[java] at
java.lang.reflect.Method.invoke(Method.java:324)
[java] at
javax.security.auth.login.LoginContext.invoke(LoginContext.ja
va:675)
[java] at
javax.security.auth.login.LoginContext.access$000(LoginContex
t.java:129)
[java] at
javax.security.auth.login.LoginContext$4.run(LoginContext.jav
a:610)
[java] at
java.security.AccessController.doPrivileged(Native
Method)
[java] at
javax.security.auth.login.LoginContext.invokeModule(LoginCont
ext.java:607)
[java] at
javax.security.auth.login.LoginContext.login(LoginContext.jav
a:534)
[java] at
edu.yale.its.tp.cas.auth.provider.KerberosAuthHandler.authent
icate(Unknown Source)
[java] at
edu.yale.its.tp.cas.servlet.Login.doGet(Unknown
Source)
[java] at
edu.yale.its.tp.cas.servlet.Login.doPost(Unknown
Source)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
[java] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
[java] at
org.apache.catalina.core.ApplicationDispatcher.invoke(Applica
tionDispatcher.java:703)
[java] at
org.apache.catalina.core.ApplicationDispatcher.processRequest
(ApplicationDispatcher.java:463)
[java] at
org.apache.catalina.core.ApplicationDispatcher.doForward(Appl
icationDispatcher.java:398)
[java] at
org.apache.catalina.core.ApplicationDispatcher.forward(Applic
ationDispatcher.java:312)
[java] at
org.apache.jasper.runtime.PageContextImpl.doForward(PageConte
xtImpl.java:670)
[java] at
org.apache.jasper.runtime.PageContextImpl.forward(PageContext
Impl.java:637)
[java] at
org.apache.jsp.index_jsp._jspService(index_jsp.java:42)
[java] at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.jav
a:94)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.jasper.servlet.JspServletWrapper.service(JspServle
tWrapper.java:298)
[java] at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServle
t.java:292)
[java] at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:
236)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
[java] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
[java] at
org.apache.catalina.core.StandardWrapperValve.invoke(Standard
WrapperValve.java:214)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardContextValve.invokeInternal(
StandardContextValve.java:198)
[java] at
org.apache.catalina.core.StandardContextValve.invoke(Standard
ContextValve.java:152)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardHostValve.invoke(StandardHos
tValve.java:137)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepor
tValve.java:117)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:102)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardEngineValve.invoke(StandardE
ngineValve.java:109)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.j
ava:929)
[java] at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter
.java:160)
[java] at
org.apache.coyote.http11.Http11Processor.process(Http11Proces
sor.java:793)
[java] at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandl
er.processConnection(Http11Protocol.java:702)
[java] at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpo
int.java:571)
[java] at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:644)
[java] at
java.lang.Thread.run(Thread.java:534)
[java] Caused by: KrbException: KDC has no
support for encryption type (14)
[java] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:67)
[java] at
sun.security.krb5.KrbAsReq.getReply(DashoA6275:315)
[java] at
sun.security.krb5.Credentials.acquireTGT(DashoA6275:352)
[java] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:576)
[java] ... 55 more
[java] Caused by: KrbException: Identifier
doesn't match expected value (90
6)
[java] at
sun.security.krb5.internal.af.a(DashoA6275:134)
[java] at
sun.security.krb5.internal.at.a(DashoA6275:63)
[java] at
sun.security.krb5.internal.at.<init>(DashoA6275:58)
[java] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:53)
[java] ... 58 more