Troubleshooting HelloKDC.java

Common Exception Messages:

  • Checksum failed
  • Client not found in Kerberos database (6)
  • KDC has no support for encryption type (14)
  • Clients credentials have been revoked (18)
  • Pre-authentication information was invalid (24)
  • Cannot get kdc for realm
  • The module name spnego-client was not found in the login file
  • javax.security.auth.login.LoginException: null (68)
  • Checksum failed

    * Check for a miss-typed password or wrong password.

    Client not found in Kerberos database (6)

    * Check for a miss-typed username or if username does not exist.

    KDC has no support for encryption type (14)

    * Check krb5.conf file to be sure valid encryption types have been specified.

    Clients credentials have been revoked (18)

    * Check if account is locked-out, expired, or disabled in Active Directory.

    Pre-authentication information was invalid (24)

    * Check for a miss-typed password or wrong password.

    Cannot get kdc for realm

    * Check [libdefaults] and [realms] section of krb5.conf for typos.

    * In the example, ATHENA.LOCAL is both the name of the Domain and the name of the Realm.

    The module name spnego-client was not found in the login file

    * Check for typos in the login.conf file.

    javax.security.auth.login.LoginException: null (68)

    * Check [libdefaults] and [realms] section of krb5.conf for typos.

    * In the example, ATHENA.LOCAL is both the name of the Domain and the name of the Realm.

    Links:
    pre-flight checklist
    install guide - tomcat
    install guide - jboss
    install guide - glassfish
    enable authZ with LDAP
    get user group info from LDAP
    reference docs
    api docs
    download

    Troubleshooting:
    HelloKDC.java
    hello_spnego.jsp
    HelloKeytab.java
    hello_delegate.jsp
    SpnegoHelloClient.java

    Examples:
    create keytab for client
    create keytab for app server
    credential delegation
    protected SOAP Web Service
    tomcat authenticator valve
    jboss authenticator valve
    authZ for standalone apps
    protecting edit button on page

    Licensing:
    GNU LGPL


    © 2009 Darwin V. Felix. All rights reserved.