[adde] Client not found in Kerberos database

• From: "Fischer, Lars" <lars.fischer@xxxxxxxxxxx>
• To: "adde@xxxxxxxxxxxxx" <adde@xxxxxxxxxxxxx>
• Date: Thu, 15 Jul 2010 09:20:04 +0200

Hallo,

ich habe folgendes Problem, ein Kunde von uns hat eine Java-Anwendung die ein 
Keytab nutzt.
Die Anwendung wird täglich neugestartet. Gestern funktionierte die Anwendung 
nicht mehr mit dem Fehler

"Client not found in Kerberos database"

Allerdings ist der SPN im Account gepflegt:

[cid:image001.png@01CB23FE.E8C94140]

Habt ihr das schonmal gehabt dass der DC den SPN nicht mehr findet obwohl er 
vorhanden ist?

Anbei noch das log vom Aufruf des kinit:

D:\Program Files\Java\jdk1.6.0_20\bin>kinit -k -t \ibi\WebFOCUS77\webapps\webfoc
us\WEB-INF\XXX.keytab HTTP/webfocus-energy-prod02.XXX.XXX.com@REALMNAME 
-J-Dsun.security.krb5.debug=true

>>>KinitOptions cache name is C:\Documents and Settings\e711a-behre03m\krb5cc_e7
11a-behre03m
Principal is HTTP/webfocus-energy-prod02.XXX.XXX.com@REALMNAME
>>> Kinit using keytab
>>> Kinit keytab file name: \ibi\WebFOCUS77\webapps\webfocus\WEB-INF\DEFTHW99W4Y
SRV.keytab
>>> KeyTabInputStream, readName(): REALMNAME
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): webfocus-energy-prod02.XXX.XXX.com
>>> KeyTab: load() entry length: 96; type: 23
Added key: 23version: 13
Ordering keys wrt default_tkt_enctypes list
Config name: C:\WINDOWS\krb5.ini
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> Kinit realm name is REALMNAME
>>> Creating KrbAsReq
>>> KrbKdcReq local addresses for SERVER are:
       SERVER/IP
IPv4 address
       SERVER/IP
IPv4 address
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> Kinit: sending as_req to realm REALMNAME
>>> KrbKdcReq send: kdc=DC FQDN UDP:88, timeout=30000,
number of retries =3, #bytes=219
>>> KDCCommunication: kdc=DC FQDN UDP:88, timeout=30000
,Attempt =1, #bytes=219
>>> KrbKdcReq send: #bytes read=106
>>> KrbKdcReq send: #bytes read=106
>>> reading response from kdc
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
         sTime is Thu Jul 15 08:30:11 CEST 2010 1279175411000
         suSec is 788625
         error code is 6
         error Message is Client not found in Kerberos database
         realm is REALMNAME
         sname is krbtgt/ REALMNAME
         msgType is 30
Exception: krb_error 6 Client not found in Kerberos database (6) Client not foun
d in Kerberos database
KrbException: Client not found in Kerberos database (6)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
        at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:306)
        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237)
        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
Caused by: KrbException: Identifier doesn't match expected value (906)


Gruß Lars

• Follow-Ups:
  • [adde] AW: Client not found in Kerberos database
    • From: Fischer, Lars

Other related posts:

• » [adde] Client not found in Kerberos database - Fischer, Lars

1. Home
2. adde
3. Archive
4. 07-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---