LoginException: Cannot get kdc for realm

preetam R rpreetam2001 at yahoo.com
Thu May 31 00:02:34 EDT 2007


Hi,

    I believe the domain name in the section,
domain_realm is case-sensitive. Add the following
entry and try again

[domain_realm]
..............
.CCC.IT.XXX.YYYY.COM = CCC.IT.XXX.YYYY.COM
.................

Thanks,
Preetam

--- Giuseppe Catalano <gpcatalano at gmail.com> wrote:

> Hi to all.
> 
> We have a problem using JAAS for authenticating
> against Microsoft
> Active Directory LDAP and a security service based
> on Microsoft
> Kerberos V5.
> 
> We have a krb5.conf like this:
> 
> #
> # All rights reserved.
> #
> #pragma ident   @(#)krb5.conf   1.1 00/12/08
> 
> [libdefaults]
>         default_realm = AAA.IT.xxx.YYYY.COM
> 
> [realms]
>         IT.XXX.YYYY.COM = {
>             kdc = SERVER1:88
>         }
>         AAA.IT.XXX.YYYY.COM = {
>             kdc = SERVER2.AAA.IT.XXXP.YYYY.COM:88
>         }
>         BBB.IT.XXX.YYYY.COM = {
>             kdc = SERVER3.BBB.IT.XXX.YYYY.COM:88
>         }
>         CCC.IT.XXX.YYYY.COM = {
>             kdc = SERVER4.CCC.IT.XXX.YYYY.COM:88
>         }
>         DDD.IT.XXX.YYYY.COM = {
>             kdc = SERVER5.DDD.IT.XXX.YYYY.COM:88
>         }
> 
> [domain_realm]
>         .bbb.it.xxx.yyyy.com = BBB.IT.XXX.YYYY.COM
>         .aaa.it.xxx.yyyy.com = AAA.IT.XXX.YYYY.COM
>         .it.xxx.yyyy.com = IT.XXX.YYYY.COM
>         .ccc.it.xxx.yyyy.com = CCC.IT.XXX.YYYY.COM
>         .ddd.it.xxx.yyyy.com = DDD.IT.XXX.YYYY.COM
> 
> We are developing under Oracle Application Server
> 10.1.3. We load
> krb5.conf file in a servlet with this code:
> System.setProperty("java.security.krb5.conf"..
> 
> We authenticate users with these calls:
> 
> lc = new LoginContext("MyLogin", new CallbackHandler(args));
> lc.login();
> 
> We have deployed our web application under a test
> environment and
> everything works. Now we are trying to go on
> production, where we have
> the following error:
> 
> 
>  javax.security.auth.login.LoginException: Cannot get kdc for realm CC.IT.XXX.YYYY.COM
>      at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
>      at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
>      at sun.reflect.GeneratedMethodAccessor1909.invoke(Unknown Source)
>      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>      at java.lang.reflect.Method.invoke(Method.java:585)
>      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)...
>  .....
>  ....
>  Caused by: KrbException: Cannot get kdc for realm CCC.IT.XXX.YYYY.COM
>      at sun.security.krb5.KrbKdcReq.send(DashoA12275:133)
>      at sun.security.krb5.KrbKdcReq.send(DashoA12275:106)
>      at sun.security.krb5.KrbAsReq.send(DashoA12275:330)
>      at sun.security.krb5.Credentials.acquireTGT(DashoA12275:369)
>      at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
> 
> We have deployed another web application inside the
> same application
> server that uses the same framework for
> authentication, that is the
> same classes that we have developed for
> authentication. The other web
> application works correctly, the only difference is
> that we have added
> two more domains in krb5.conf that is deployed with
> each web
> application.
> 
> Using kinit the authentication works for the added
> domains.
> 
> Does anyone have any suggestions to solve this
> problem?
> 
> Thanks in advance.
> Best Regards,
> Giuseppe
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
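Added example (not part of either message, and not code from the posters or the JDK): a small krb5.conf check that reports every realm named by default_realm or [domain_realm] that has no exactly matching [realms] block with a kdc line, which is the lookup behind "Cannot get kdc for realm". The sample file is constructed from the placeholder names in the thread; the function names are hypothetical, and the check assumes KDCs are listed statically rather than discovered through DNS and that realm names are compared case-sensitively.

```python
import re
# Constructed sample modelled on the krb5.conf quoted in the thread (placeholder names).
SAMPLE = """\
[libdefaults]
    default_realm = AAA.IT.xxx.YYYY.COM
[realms]
    AAA.IT.XXX.YYYY.COM = {
        kdc = SERVER2.AAA.IT.XXX.YYYY.COM:88
    }
    CCC.IT.XXX.YYYY.COM = {
    }
[domain_realm]
    .aaa.it.xxx.yyyy.com = AAA.IT.XXX.YYYY.COM
    .ccc.it.xxx.yyyy.com = CCC.IT.XXX.YYYY.COM
    .ddd.it.xxx.yyyy.com = DDD.IT.XXX.YYYY.COM
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}, {domain: realm})."""
    default, realms, domains, section, current = None, {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":                        # end of a realm block
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                current = realms.setdefault(key, [])
            elif current is not None and key == "kdc":
                current.append(value)
            elif section == "domain_realm":
                domains[key] = value
            elif section == "libdefaults" and key == "default_realm":
                default = value
    return default, realms, domains

def lint(text):
    """Yield (where, realm, problem) for each referenced realm with no usable [realms] entry."""
    default, realms, domains = parse_krb5(text)
    refs = [("default_realm", default)] + [(f"domain_realm {d}", r) for d, r in domains.items()]
    for where, realm in (ref for ref in refs if ref[1]):
        near = [r for r in realms if r.lower() == realm.lower()]
        if realm not in realms:                  # exact, case-sensitive comparison
            yield where, realm, f"case mismatch with {near[0]}" if near else "no [realms] entry"
        elif not realms[realm]:
            yield where, realm, "no kdc listed"
```

Running `list(lint(open(path).read()))` against the krb5.conf that each web application actually loads shows whether the realm in the exception resolves in that copy of the file.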



 