Specified version of key is not available

Weijun Wang weijun.wang at oracle.com
Thu Dec 9 22:15:04 EST 2010


Java fixed a bug on key version check in 6u21.

The error message looks like the keytab is not the latest one. Each time 
ktpass.exe is called, it increments the key version number for the 
service, so you must always use the last generated keytab file on the 
server.

Thanks
Weijun

On 12/10/2010 06:10 AM, michal wrote:
> Hi,
> Have a problem with setting up Tomcat (Java servlet container) for
> SPNEGO authentication in Active Directory domain. The implementation
> is based on JGSS available in Oracle JDK 1.6.0_22
> 1. Keytab is generated using ktpass utility.
> 2. Server (Tomcat) obtains a service ticket from the keytab.
> 3. Server sends Negotiate header to the browser
> 4. The browser sends an encoded kerberos ticket to the server
> 5. Ooops... The server prints out exception message "Specified version
> of key is not available" and refuses to establish GSS context.
> All is setup exactly as described here:
> http://blog.springsource.com/2009/09/28/spring-security-kerberos
> and works perfectly with MIT Kerberos (even with Windows clients
> configured using ksetup tool).
> I've googled around and could not find anything. Anybody has any idea
> what is wrong?
> Thanks for any suggestions.
> Michal
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list