Found unsupported keytype (23)
103 views
Skip to first unread message
Raphael GEYER
Dec 2, 2024, 7:19:05 AM12/2/24
to CAS Community
SPNEGO has been configured as explained in documentation.
But when trying SSO I get following error :
Dec 02 12:51:42 cas tomcat10[8253]: Found KeyTab Default keytab
Dec 02 12:51:42 cas tomcat10[8253]: Entered Krb5Context.acceptSecContext with state=STATE_NEW
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): REALM
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): HTTP
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): cas.example.com
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTab: load() entry length: 65; type: 23
Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
Dec 02 12:51:42 cas tomcat10[8253]: Entered Krb5Context.acceptSecContext with state=STATE_NEW
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): REALM
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): HTTP
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): cas.example.com
Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTab: load() entry length: 65; type: 23
Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for HTTP/cas.example.com@REALM
Dec 02 12:51:42 cas tomcat10[8253]: jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
Type 23 ( RC4-HMAC ) is forced with ktpass, is it still supported by latest JAVA / CAS versions ?
Raphael GEYER
Dec 2, 2024, 8:53:27 PM12/2/24
to CAS Community, Raphael GEYER
Adding "allow_weak_crypto = true" to "
[libdefaults]" section in krb5.conf did it
Reply all
Reply to author
Forward
0 new messages