0

我收到以下异常。尝试使用 Kerberos 进行 SSO 时:

GSSException: Failure unspecified at GSS-API level (Mechanism level:
Invalid argument (400) - Cannot find key of appropriate type to
decrypt AP REP - RC4 with HMAC)

我正在使用 Ktpass 生成密钥。当我使用默认加密选项时,它可以工作。但是当我在 Ktpass 命令中添加“-crypto AES256-SHA1”时,调用函数 org.ietf.jgss.GSSContext.acceptSecContext 时会引发以下异常

我正在使用 Java 8 在 apache-tomact 上进行开发。

我的 krb5.conf 是

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
4

1 回答 1

0

您应该在 krb5.conf 的某处有默认的tkttgs enctypes

由于您的配置似乎可以工作,但不能使用加密选项 = AES256-SHA1,请将以下值添加到您的 krb5.conf(在[libdefaults]下):

default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
于 2017-06-20T06:31:32.080 回答