KrbException: Do not have keys of types listed in default_tkt_enctypes available

Ravindhar Konka ravindhar_konka at persistent.com
Fri May 15 04:43:55 EDT 2015


[libdefaults]

default_realm = DOMAIN.COM

default_keytab_name = FILE:c:\apache-tomcat-7.0.61\conf\test.keytab

default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96

default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96

forwardable=true



[realms]

DOMAIN.COM= {

        kdc = domain-ad.DOMAIN.com:88

                                default_domain = DOMAIN.com

}



[domain_realm]

domain.com=DOMAIN.COM

.domain.com= DOMAIN.COM



[appdefaults]

autologin = true

forward = true

forwardable = true

encrypt = true



C:\Users\Administrator>ktpass /out c:\test.keytab /mapuser ssoadmin at DOMAIN.COM<mailto:ssoadmin at DOMAIN.COM>  /princ HTTP/windows-sso-demo.domain.com at DOMAIN.COM<mailto:HTTP/windows-sso-demo.domain.com at DOMAIN.COM> /pass P at ssw0rd /kvno 0





C:\Users\ssoadmin>kinit -k -t test.keytab

Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:  No error

KrbException: Do not have keys of types listed in default_tkt_enctypes available ; only have keys of following type:

        at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)

        at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)

        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)

        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)

        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)

        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)



C:\Users\ssoadmin>

Please help me

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.



More information about the Kerberos mailing list