I'm trying to follow this tutorial for spring-security-kerberos. I have a keytab with one principal in it:
ktutil: rkt http-web.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 3 HTTP/[email protected]
This keytab was generated on the win 2k8 domain controller with this command:
ktpass /out http-web.keytab /mapuser [email protected] /princ HTTP/[email protected] /pass *
which was copied over to the test web server, used in spnego.xml:
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
<property name="servicePrincipal" value="HTTP/[email protected]" />
<property name="keyTabLocation" value="/WEB-INF/http-web.keytab" />
<property name="debug" value="true" />
</bean>
but fails to find the principal:
Key for the principal HTTP/[email protected] not available in
jndi:/localhost/spring-security-kerberos-sample-1.0.0.CI-SNAPSHOT/WEB-INF/http-web.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user
I have tried joining the web server (CentOS 5.5, tomcat6) to the AD WAD.ENG.HYTRUST.COM and can log in using AD credentials and then using a principal from /etc/krb5.keytab just to see if it can be read... same response. I also tried lots of variants on uppercasing and lowercasing the names.
PS: checked it out from git this morning.
There're several mistakes that lead to "Unable to obtain password from user":
classpath:http-web.keytab
or file:c:/http-web.keytab
I had the exact same issue.
The problem is your "keyTabLocation" setting. You cannot set it to /WEB-INF/http-web.keytab.
You need to set it to something on the file path or classpath.
For instance, I put my file on the classpath and made this setting:
<property name="keyTabLocation" value="classpath:http-web.keytab" />
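Once keyTabLocation points at a real file or classpath resource, the remaining thing to rule out is whether the keytab holds a key for the configured servicePrincipal. The following is an added example, not part of the original posts or of spring-security-kerberos: a small parser for the MIT keytab file format (version 0x0502) that lists principals and KVNOs the way the ktutil listing above does. The principal HTTP/web.example.test@EXAMPLE.TEST and the all-zero key are constructed sample values.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, new_offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode("utf-8"), off + 2 + n

def list_keytab(data):
    """Return [(principal, kvno, enctype)] from keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:              # negative size marks a deleted slot (hole)
            off -= size
            continue
        end = off + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        # name type, timestamp, 8-bit kvno, key enctype, key length
        _ntype, _ts, vno8, etype, klen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + klen             # skip the key bytes, never print them
        v32 = struct.unpack_from(">I", data, p)[0] if end - p >= 4 else 0
        entries.append(("/".join(comps) + "@" + realm, v32 or vno8, etype))
        off = end
    return entries

def has_key_for(data, service_principal):
    """Exact match; Kerberos principal names are case-sensitive."""
    return any(name == service_principal for name, _, _ in list_keytab(data))

def sample_keytab():
    """Constructed one-entry keytab with an all-zero 16-byte key."""
    cs = lambda s: struct.pack(">H", len(s)) + s
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.TEST") + cs(b"HTTP")
            + cs(b"web.example.test") + struct.pack(">IIBHH", 1, 0, 3, 23, 16)
            + bytes(16) + struct.pack(">I", 3))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    for name, kvno, etype in list_keytab(sample_keytab()):
        print(f"{kvno:4d} {name} (enctype {etype})")
```

To check a real keytab, pass the bytes of the file to has_key_for together with the exact servicePrincipal value from the bean definition.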