Java 1.8 JAAS 无法识别我自己生成的密钥表中的主体
Java 1.8 JAAS doesn't recognize the principal in my own generated keytab
Java 在我自己的密钥表文件中找不到我的主体名称?
我期待 Java JAAS 模块在我的 keytab 文件中找到主体时生成 TGT。我还在同一个密钥表文件上使用了 kinit,这确实有效。
尽管 JAAS 按照配置文件的指示找到了密钥表,但我收到了下一条消息:
...
Native config name: C:\Windows\krb5.ini
getRealmFromDNS: trying YEF.GSC.RD
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\tester1\krb5cc_tester1
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
LSA: Found KrbCreds constructor
LSA: Got handle to Kerberos package
LSA: Response size is 0
LSA: Error calling function Protocol status: 1312
LSA: A specified logon session does not exist. It may already have been terminated.
>>> Found no TGT's in LSA
Principal is john@YEF.GSC.RD
null credentials from Ticket Cache
Looking for keys for: john@YEF.GSC.RD
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab
(我使用调试标志 -Dsun.security.krb5.debug=true 来获取这些详细信息,并且 运行 它是独立的而不是webstart,只是为了在没有 webstart 启动开销的情况下开始工作)
配置文件说:
WEBSTART_CLIENT_CONTEXT {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
doNotPrompt=false
principal=john
renewTGT=true
useKeyTab=true
keyTab="c:/user/tester1/keytab"
debug=true;
};
我在客户端机器上本地生成的密钥表文件是:
c:\Users\tester1>klist -k -t -K -e keytab
Key tab: keytab, 6 entries found.
[1] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 17
Key: 0x2dccdcd29d17e2719eb5af9f1b0f7448
Time stamp: Oct 30, 2015 15:37:02
[2] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 16
Key: 0xcd10890becd5fbcb526e9104765116807a5ecd38da762ab0
Time stamp: Oct 30, 2015 15:37:02
[3] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Oct 30, 2015 15:37:02
[4] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 17
Key: 0x7d4b7a98e179d7284dcd7ff3a69c890e
Time stamp: Nov 02, 2015 13:24:37
[5] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 16
Key: 0x4ca17a0b2a58679207162cf13864c143d05e869101b5a2ef
Time stamp: Nov 02, 2015 13:24:37
[6] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Nov 02, 2015 13:24:37
但是由于某种原因 JAAS 找不到 john@YEF.GSC.RD ,正如它所说:
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab
互联网上有人提到 KVNO 为 0。所以我也使用以下方法进行了测试:
ktab -k keytab -a john@YEF.GSC.RD -n 0
但是发生了完全相同的错误。想知道 java 希望在密钥表中找到什么..
在 Windows 7 机器上使用 Java 1.8.0
您的问题很可能与 path 错误有关。在您的配置中,您使用路径 keyTab="c:/user/tester1/keytab",当您使用 klist 工具检查它时,您使用另一个路径 c:\Users\tester1>。
您的配置应该指向正确的路径。考虑到这不是错字,它应该是:
keyTab="c:/Users/tester1/keytab"
Java 在我自己的密钥表文件中找不到我的主体名称?
我期待 Java JAAS 模块在我的 keytab 文件中找到主体时生成 TGT。我还在同一个密钥表文件上使用了 kinit,这确实有效。
尽管 JAAS 按照配置文件的指示找到了密钥表,但我收到了下一条消息:
...
Native config name: C:\Windows\krb5.ini
getRealmFromDNS: trying YEF.GSC.RD
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\tester1\krb5cc_tester1
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
LSA: Found KrbCreds constructor
LSA: Got handle to Kerberos package
LSA: Response size is 0
LSA: Error calling function Protocol status: 1312
LSA: A specified logon session does not exist. It may already have been terminated.
>>> Found no TGT's in LSA
Principal is john@YEF.GSC.RD
null credentials from Ticket Cache
Looking for keys for: john@YEF.GSC.RD
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab
(我使用调试标志 -Dsun.security.krb5.debug=true 来获取这些详细信息,并且 运行 它是独立的而不是webstart,只是为了在没有 webstart 启动开销的情况下开始工作)
配置文件说:
WEBSTART_CLIENT_CONTEXT {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
doNotPrompt=false
principal=john
renewTGT=true
useKeyTab=true
keyTab="c:/user/tester1/keytab"
debug=true;
};
我在客户端机器上本地生成的密钥表文件是:
c:\Users\tester1>klist -k -t -K -e keytab
Key tab: keytab, 6 entries found.
[1] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 17
Key: 0x2dccdcd29d17e2719eb5af9f1b0f7448
Time stamp: Oct 30, 2015 15:37:02
[2] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 16
Key: 0xcd10890becd5fbcb526e9104765116807a5ecd38da762ab0
Time stamp: Oct 30, 2015 15:37:02
[3] Service principal: tester1@YEF.GSC.RD
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Oct 30, 2015 15:37:02
[4] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 17
Key: 0x7d4b7a98e179d7284dcd7ff3a69c890e
Time stamp: Nov 02, 2015 13:24:37
[5] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 16
Key: 0x4ca17a0b2a58679207162cf13864c143d05e869101b5a2ef
Time stamp: Nov 02, 2015 13:24:37
[6] Service principal: john@YEF.GSC.RD
KVNO: 1
Key type: 23
Key: 0xb9218bada80f02c685e1958a5042f5fc
Time stamp: Nov 02, 2015 13:24:37
但是由于某种原因 JAAS 找不到 john@YEF.GSC.RD ,正如它所说:
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab
互联网上有人提到 KVNO 为 0。所以我也使用以下方法进行了测试:
ktab -k keytab -a john@YEF.GSC.RD -n 0
但是发生了完全相同的错误。想知道 java 希望在密钥表中找到什么..
在 Windows 7 机器上使用 Java 1.8.0
您的问题很可能与 path 错误有关。在您的配置中,您使用路径 keyTab="c:/user/tester1/keytab",当您使用 klist 工具检查它时,您使用另一个路径 c:\Users\tester1>。
您的配置应该指向正确的路径。考虑到这不是错字,它应该是:
keyTab="c:/Users/tester1/keytab"