Identified does not match issue

vssureka@gmail.com vssureka at gmail.com
Mon Nov 3 18:10:45 EST 2008


After struggling with this issue for almost two days now, I have run
out of issues. Here is what I get when I run kinit

C:\Program Files\Java\jdk1.5.0_16\bin>kinit -k -t c:\JBOSS.host.keytab JBOSS
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-authentication information was invalid
KrbException: Pre-authentication information was invalid (24)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)
        at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:308)
        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)
        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
        at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
        at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
        ... 4 more

We have a Windows 2008 server running Active Directory. I have created
a JBOSS user there and ran the SetSPN and Ktpass utility. Also, I
have made sure that the DES encryption check box is checked for the JBOSS.
Since I modified that check box a few times, I have made sure that I
reset the password every time, as I read in a few places that it can create
issues with the encryption.

I am running the kinit on Windows 2003. I have generated the key tab
file on 2003 using the Ktab command. (I have also tried generating this
file in 2008 and using that file when I run the command in 2003 but of
no use.)

Now I am not sure what else is going on. Initially I was running into
client not found in the database. I went past that problem by making
sure that I ran the kinit utility by just passing in the user name
JBOSS rather than mydomanin\JBOSS.

If you need more info I would be more than happy to provide it.
Looking for any clue to move forward.

Thanks
vs


