FW: JBoss Negotiate

[Krishnawat, Nagendra]

Hi,

I am trying to implement slient authentication using SPNEGO, My app server is JBOSS, Java vs 1.6. After I was done with configuraton during testing I get the following exception:

"Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC"

To enforce KDC to use DES encryption, so I recreated new user with new property of "Use DES encryption type" selected, set SPN and recreated keyTab file using crypto as DES-CBC-CRC.


[cid:657055523 at 12032009-0211]
I got the same stack trace:

Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:262)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)

This means KDC is encrypting using RC4, even if "Use DES encryption type for this account" checkbox is checked.

But I an not very sure that this is a KDC issue, because AP REQ and AP RES are the message exchange between client and server, not between client and KDC.

Can you guide do where should I make the fix, I am stuck.

-Nagendra


**********************************************************************
E-mail sent through the Internet is not secure. Western Asset
therefore recommends that you do not send any confidential or
sensitive information to us via electronic mail, including social
security numbers, account numbers, or personal identification
numbers. Delivery, and or timely delivery of Internet mail is not
guaranteed. Western Asset therefore recommends that you do not send
time sensitive or action-oriented messages to us via electronic
mail. 
**********************************************************************