我对生成用于 SQL 服务器 kerberos 身份验证的 keytab 文件有一些疑问。
SQL server 的 SPN 为:
MSSQLSvc/myhost:1433@MYDOMAIN.COM
我已将密钥表文件创建为:
ktpass -out "C:\Users\myuser\KerberosConf\MSSQL\myappserver.keytab" -princ MSSQLSvc/myhost:1433@MYDOMAIN.COM -mapUser mydomain\myuser-pass Test@123 -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL
查看 keytab 时,它显示正确的 SPN 为:
[1] Service principal: MSSQLSvc/myhost:1433@MYDOMAIN.COM KVNO: 18
但是,在引用 keytab 文件进行身份验证时,会引发以下错误:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Users/myuser/KerberosConf/MSSQL/myappserver.keytab refreshKrb5Config is false principal is MSSQLSvc/myhost:1433@MYDOMAIN.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false Key for the principal MSSQLSvc/myhost:1433@MYDOMAIN.COM not available in C:/Users/myuser/KerberosConf/MSSQL/myappserver.keytab
[Krb5LoginModule] authentication failed Unable to obtain password from user
javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
请帮我解决这个问题