Re: [keycloak-user] Kerberos Authentication
"Matthias Müller" <matthiasmueller07(a)web.de> writes:
here are the trace information. I d not have much experience with
Kerberos, maybe you can see a reason?
Not really - there are lots of post for failed authentication with
kerberos and AD. Some talk about errors with encryption types, but
nothing conclusive and your trace doesn't really help me.
KRB5_TRACE=/dev/stderr kinit -kt /etc/keytab/servername.keytab
HTTP/servername(a)domain.local
...
[8639] 1531391994.124216: Selected etype info: etype aes256-cts, salt
"DOMAIN.LOCALHTTPservername", params ""
[8639] 1531391994.124325: Retrieving HTTP/servername(a)domain.local from
FILE:/etc/keytab/servername.keytab (vno 0, enctype aes256-cts) with
result: 0/Success
[8639] 1531391994.124420: AS key obtained for encrypted timestamp: aes256-cts/3C17
Thanks
Looking for aes256-cts and kerberos with google may have some hints, but
nothing I can really point to.
Do you have access to the KDC logs? Can you authenticate the the keytab
on a windows machine?
Jochen
--
This space is intentionally left blank.