KDC has no support for encryption type (14)
G. Venkatesan
I'm using JAAS(Kerberos) to authenticate user
against Active Directory server(w2k). It works fine
for normal users who has single account. When a user
uses his dummy account, it gives me following error.
Usually admin has two NT accounts, one is the real
account and another is testing NT account(dummy). I
configured krb5.conf with different encryptions but
nothing workes for test account. I really appreciate
any suggestions.
Regards,
Venkat
My Krb5.conf are
#
# All rights reserved.
#
#pram ident @(#)krb5.conf 1.1 00/12/08
[libdefaults]
default_realm = TEST.ORG
#default_checksum = rsa-md5
default_checksum = crc32
#kdc_supported_enctypes = des-cbc-crc:normal
#supported_enctypes = des-cbc-md5:normal
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-crc
#default_etypes = des-cbc-md5;des-cbc-crc
#default_etypes_des = des-cbc-md5
#default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5
des-cbc-crc
#default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5
des-cbc-crc
#permitted_enctypes = des3-cbc-sha1 des-cbc-md5
des-cbc-crc
# yourdomaincontroller is the name of the domain
controller / active directory server acting as the KDC
in your windows network
[realms]
TEST.ORG = {
kdc =TEST-DC01.TEST.ORG
}
#[domain_realm]
# .yourdomain.com =TEST.ORG
[logging]
default = CONSOLE
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated
no more
# often than the period, and less often if the KDC is
not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around
(kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
gkadmin = {
help_url =
http://localhost:8888/ab2/coll.384.2/SEAM
}
kinit = {
renewable = true
forwardable= true
}
rlogin = {
forwardable= true
}
rsh = {
forwardable= true
}
telnet = {
autologin = true
forwardable= true
}
Exception
[java] KDC has no support for encryption type
(14)
[java] Authentication attempt
failed-***LoginException***-WHY FAILED ???jav
ax.security.auth.login.LoginException: KDC has no
support for encryption type (1
4)
[java] javax.security.auth.login.LoginException:
KDC has no support for enc
ryption type (14)
[java] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:585)
[java] at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginM
odule.java:475)
[java] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
[java] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcces
sorImpl.java:39)
[java] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
hodAccessorImpl.java:25)
[java] at
java.lang.reflect.Method.invoke(Method.java:324)
[java] at
javax.security.auth.login.LoginContext.invoke(LoginContext.ja
va:675)
[java] at
javax.security.auth.login.LoginContext.access$000(LoginContex
t.java:129)
[java] at
javax.security.auth.login.LoginContext$4.run(LoginContext.jav
a:610)
[java] at
java.security.AccessController.doPrivileged(Native
Method)
[java] at
javax.security.auth.login.LoginContext.invokeModule(LoginCont
ext.java:607)
[java] at
javax.security.auth.login.LoginContext.login(LoginContext.jav
a:534)
[java] at
edu.yale.its.tp.cas.auth.provider.KerberosAuthHandler.authent
icate(Unknown Source)
[java] at
edu.yale.its.tp.cas.servlet.Login.doGet(Unknown
Source)
[java] at
edu.yale.its.tp.cas.servlet.Login.doPost(Unknown
Source)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
[java] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
[java] at
org.apache.catalina.core.ApplicationDispatcher.invoke(Applica
tionDispatcher.java:703)
[java] at
org.apache.catalina.core.ApplicationDispatcher.processRequest
(ApplicationDispatcher.java:463)
[java] at
org.apache.catalina.core.ApplicationDispatcher.doForward(Appl
icationDispatcher.java:398)
[java] at
org.apache.catalina.core.ApplicationDispatcher.forward(Applic
ationDispatcher.java:312)
[java] at
org.apache.jasper.runtime.PageContextImpl.doForward(PageConte
xtImpl.java:670)
[java] at
org.apache.jasper.runtime.PageContextImpl.forward(PageContext
Impl.java:637)
[java] at
org.apache.jsp.index_jsp._jspService(index_jsp.java:42)
[java] at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.jav
a:94)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.jasper.servlet.JspServletWrapper.service(JspServle
tWrapper.java:298)
[java] at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServle
t.java:292)
[java] at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:
236)
[java] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
[java] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFil
ter(ApplicationFilterChain.java:237)
[java] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(Appl
icationFilterChain.java:157)
[java] at
org.apache.catalina.core.StandardWrapperValve.invoke(Standard
WrapperValve.java:214)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardContextValve.invokeInternal(
StandardContextValve.java:198)
[java] at
org.apache.catalina.core.StandardContextValve.invoke(Standard
ContextValve.java:152)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardHostValve.invoke(StandardHos
tValve.java:137)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepor
tValve.java:117)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:102)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.StandardEngineValve.invoke(StandardE
ngineValve.java:109)
[java] at
org.apache.catalina.core.StandardValveContext.invokeNext(Stan
dardValveContext.java:104)
[java] at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipe
line.java:520)
[java] at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.j
ava:929)
[java] at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter
.java:160)
[java] at
org.apache.coyote.http11.Http11Processor.process(Http11Proces
sor.java:793)
[java] at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandl
er.processConnection(Http11Protocol.java:702)
[java] at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpo
int.java:571)
[java] at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:644)
[java] at
java.lang.Thread.run(Thread.java:534)
[java] Caused by: KrbException: KDC has no
support for encryption type (14)
[java] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:67)
[java] at
sun.security.krb5.KrbAsReq.getReply(DashoA6275:315)
[java] at
sun.security.krb5.Credentials.acquireTGT(DashoA6275:352)
[java] at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentic
ation(Krb5LoginModule.java:576)
[java] ... 55 more
[java] Caused by: KrbException: Identifier
doesn't match expected value (90
6)
[java] at
sun.security.krb5.internal.af.a(DashoA6275:134)
[java] at
sun.security.krb5.internal.at.a(DashoA6275:63)
[java] at
sun.security.krb5.internal.at.<init>(DashoA6275:58)
[java] at
sun.security.krb5.KrbAsRep.<init>(DashoA6275:53)
[java] ... 58 more
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
________________________________________________
Kerberos mailing list Kerb...@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Jeffrey Altman
are des-cbc-crc and des-cbc-md5. the 3des enctypes are not
supported by Microsoft.