[keycloak-user] Kerberos Authentication
Jochen Hein
jochen at jochen.org
Thu Jul 12 13:45:31 EDT 2018
"Matthias Müller" <matthiasmueller07 at web.de> writes:
> here are the trace information. I d not have much experience with Kerberos, maybe you can see a reason?
Not really - there are lots of post for failed authentication with
kerberos and AD. Some talk about errors with encryption types, but
nothing conclusive and your trace doesn't really help me.
> KRB5_TRACE=/dev/stderr kinit -kt /etc/keytab/servername.keytab HTTP/servername at domain.local
...
> [8639] 1531391994.124216: Selected etype info: etype aes256-cts, salt "DOMAIN.LOCALHTTPservername", params ""
> [8639] 1531391994.124325: Retrieving HTTP/servername at domain.local from
> FILE:/etc/keytab/servername.keytab (vno 0, enctype aes256-cts) with
> result: 0/Success
> [8639] 1531391994.124420: AS key obtained for encrypted timestamp: aes256-cts/3C17
> Thanks
Looking for aes256-cts and kerberos with google may have some hints, but
nothing I can really point to.
Do you have access to the KDC logs? Can you authenticate the the keytab
on a windows machine?
Jochen
--
This space is intentionally left blank.
More information about the keycloak-user
mailing list