Problem incorporating Single-Signon Using MS Active Directory
Hello:
I am using j2sdk1.4.2_07 and attempting to incorporate single-signon. There is a very nice article describing all of the steps necessary @ http://e-docs.bea.com/wls/docs90/secmanage/sso.html
My problem is at the final step which uses the kinit utility to verify Kerberos authentication is working properly:
kinit -k -t C:\temp\fips201cmsdemo.localhost.keytab localhost/ fips201cmsdemo
I get the following error:
Exception: krb_error 0 Cannot retrieve key from keytab for principal localhost/fips201cmsdemo@FIPS201.SOLUTIONS.COM No error
KrbException: Cannot retrieve key from keytab for principal localhost/fips201cmsdemo@FIPS201.SOLUTIONS.COM
at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:199)
at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109)
To try and diagnose this, I have tried a klist and see my keys in the keytab file:
===================================================
klist -k C:\temp\fips201cmsdemo.localhost.keytab
Key tab: C:\temp\fips201cmsdemo.localhost.keytab, 2 entries found.
[1] Service principal: localhost/fips201cmsdemo@FIPS201.SOLUTIONS.COM
KVNO: 2
[2] Service principal: fips201cmsdemo.FIPS201.SOLUTIONS.COM@FIPS201.SOLUTIONS.COM
KVNO: 1
===================================================
... and below is the krb5.ini file:
===================================================
[libdefaults]
default_realm = FIPS201.SOLUTIONS.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
ticket_lifetime = 600
[realms]
FIPS201.SOLUTIONS.COM = {
kdc = 192.168.1.102
admin_server = 192.168.1.102
default_domain = FIPS201.SOLUTIONS.COM }
[domain_realm]
fips201.solutions.com = FIPS201.SOLUTIONS.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
===================================================
If anyone has any ideas, I would appreciate any suggestions you might have. Thank you.
Harvey
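
The klist output in the post lists each entry's principal and KVNO but not the encryption type of its key, while the krb5.ini limits ticket enctypes to des-cbc-crc. As an added example (not part of the original post), the Python below reads a keytab in the common 0x0502 file format and reports the enctype stored for each entry, so it can be compared with the krb5.ini list. The function names and the sample bytes are constructed here, and the sample's enctypes are assumptions, since the page does not show the real file's.

```python
import struct
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}  # IANA numbers (subset)

def _entry(buf):
    """Decode one entry body of a format-0x0502 (big-endian) keytab."""
    off = 0
    def take(fmt):
        nonlocal off
        (val,) = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return val
    def counted():
        nonlocal off
        n = take(">H")
        off += n
        return buf[off - n:off].decode("utf-8", "replace")
    ncomp, realm = take(">H"), counted()
    name = "/".join(counted() for _ in range(ncomp))
    take(">Q")                             # skip name type + timestamp (4 + 4 bytes)
    kvno, etype, keylen = take(">B"), take(">H"), take(">H")
    off += keylen                          # step over the key bytes; never print them
    kvno = take(">I") if len(buf) - off >= 4 else kvno  # optional 32-bit KVNO
    return {"principal": f"{name}@{realm}", "kvno": kvno,
            "enctype": ENCTYPES.get(etype, f"etype-{etype}")}

def parse_keytab(data):
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format-0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                       # a negative size marks a deleted slot
            entries.append(_entry(data[pos:pos + size]))
        pos += abs(size)
    return entries

def keys_outside(entries, principal, allowed):  # enctype not in the krb5.ini list
    return [e for e in entries if e["principal"] == principal and e["enctype"] not in allowed]

# Constructed sample: names mirror the klist output above; enctypes and keys are made up.
def _mk(name, kvno, etype, key, realm="FIPS201.SOLUTIONS.COM"):
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", name.count("/") + 1) + cs(realm) + b"".join(map(cs, name.split("/")))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body
SAMPLE = (b"\x05\x02" + _mk("localhost/fips201cmsdemo", 2, 23, bytes(16))
          + _mk("fips201cmsdemo.FIPS201.SOLUTIONS.COM", 1, 1, bytes(8)))
```

To inspect a real file, pass its bytes to `parse_keytab` (for example `open(path, "rb").read()`) and compare each entry's `enctype` with `default_tkt_enctypes`.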

