1

我正在使用 JAVA 5 成功使用 GSSAPI。使用 JAVA 6 和 7,InitialLdapContext 调用失败并显示以下堆栈跟踪:

>>>KRBError:
     sTime is Fri Jun 14 13:40:01 CEST 2013 1371210001000
     suSec is 948732
     error code is 7
     error Message is Server not found in Kerberos database
     realm is DE.XXX.NET
     sname is ldap/yyy.de.xxx.net
     msgType is 30
KrbException: Server not found in Kerberos database (7)
     at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
     at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
     at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
     at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
     at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
     at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
     at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
     at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
     at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
     at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
     at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
     at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
     at javax.naming.InitialContext.init(Unknown Source)
     at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
     at kerberos.UserRoles2.getUserRoles(UserRoles2.java:27)
     at kerberos.Server$2.run(Server.java:240)
     at kerberos.Server$2.run(Server.java:1)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAs(Unknown Source)
     at kerberos.Server.getRoles(Server.java:233)
     at kerberos.Server.main(Server.java:95)
Caused by: KrbException: Identifier doesn't match expected value (906)
     at sun.security.krb5.internal.KDCRep.init(Unknown Source)
     at sun.security.krb5.internal.TGSRep.init(Unknown Source)
     at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
     ... 29 more

Problem searching directory: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]

有人知道 Java 6 或 7 出了什么问题吗?

ktab 文件是使用 jre 7 的 ktab 工具创建的。

"c:\Program Files\Java\jre7\bin\ktab.exe" -a user@DOMAIN.DE 密码 -k my.keytab -n 0 "c:\Program Files\Java\jre7\bin\ktab.exe" -a 服务/主机@DOMAIN.DE 密码 -k my.keytab -n 0

Windows 服务器 2008 活动目录

请记住:如果我使用的是 Java 5,InitialLdapContext 调用会按预期工作。

提前致谢

迈克尔

4

1 回答 1

1

问题解决了。

我为 ldap_url 属性使用了别名 dns 名称。在 Java 1.5 中,别名 dns 名称被解析为真实的 dns 名称。在 Java 1.6 和 1.7 中,解析不会发生。

更改为真实的 dns 名称解决了这个问题。

于 2013-08-02T09:14:39.070 回答