Java 1.8 JAAS 无法识别我自己生成的密钥表中的主体

Java 1.8 JAAS doesn't recognize the principal in my own generated keytab

Java 在我自己的密钥表文件中找不到我的主体名称?
我期待 Java JAAS 模块在我的 keytab 文件中找到主体时生成 TGT。我还在同一个密钥表文件上使用了 kinit,这确实有效。

尽管 JAAS 按照配置文件的指示找到了密钥表,但我收到了下一条消息:

...
Native config name: C:\Windows\krb5.ini
getRealmFromDNS: trying YEF.GSC.RD
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\tester1\krb5cc_tester1
>> Acquire default native Credentials
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23.
LSA: Found KrbCreds constructor
LSA: Got handle to Kerberos package
LSA: Response size is 0
LSA: Error calling function Protocol status: 1312
LSA: A specified logon session does not exist. It may already have been terminated.
>>> Found no TGT's in LSA
Principal is john@YEF.GSC.RD
null credentials from Ticket Cache
Looking for keys for: john@YEF.GSC.RD
Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab

(我使用调试标志 -Dsun.security.krb5.debug=true 来获取这些详细信息,并且 运行 它是独立的而不是webstart,只是为了在没有 webstart 启动开销的情况下开始工作)
配置文件说:

  WEBSTART_CLIENT_CONTEXT {
       com.sun.security.auth.module.Krb5LoginModule required 
       useTicketCache=true
       doNotPrompt=false   
       principal=john
       renewTGT=true
       useKeyTab=true
       keyTab="c:/user/tester1/keytab"
       debug=true; 
    };  

我在客户端机器上本地生成的密钥表文件是:

c:\Users\tester1>klist -k -t -K -e keytab

Key tab: keytab, 6 entries found.

[1] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 17
         Key: 0x2dccdcd29d17e2719eb5af9f1b0f7448
         Time stamp: Oct 30, 2015 15:37:02
[2] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 16
         Key: 0xcd10890becd5fbcb526e9104765116807a5ecd38da762ab0
         Time stamp: Oct 30, 2015 15:37:02
[3] Service principal: tester1@YEF.GSC.RD
         KVNO: 1
         Key type: 23
         Key: 0xb9218bada80f02c685e1958a5042f5fc
         Time stamp: Oct 30, 2015 15:37:02
[4] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 17
         Key: 0x7d4b7a98e179d7284dcd7ff3a69c890e
         Time stamp: Nov 02, 2015 13:24:37
[5] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 16
         Key: 0x4ca17a0b2a58679207162cf13864c143d05e869101b5a2ef
         Time stamp: Nov 02, 2015 13:24:37
[6] Service principal: john@YEF.GSC.RD
         KVNO: 1
         Key type: 23
         Key: 0xb9218bada80f02c685e1958a5042f5fc
         Time stamp: Nov 02, 2015 13:24:37

但是由于某种原因 JAAS 找不到 john@YEF.GSC.RD ,正如它所说:

Key for the principal john@YEF.GSC.RD not available in c:/user/tester1/keytab

互联网上有人提到 KVNO 为 0。所以我也使用以下方法进行了测试:

ktab -k keytab -a john@YEF.GSC.RD -n 0

但是发生了完全相同的错误。想知道 java 希望在密钥表中找到什么..

在 Windows 7 机器上使用 Java 1.8.0

您的问题很可能与 path 错误有关。在您的配置中,您使用路径 keyTab="c:/user/tester1/keytab",当您使用 klist 工具检查它时,您使用另一个路径 c:\Users\tester1>

您的配置应该指向正确的路径。考虑到这不是错字,它应该是:

keyTab="c:/Users/tester1/keytab"