  # krb5.ini read by the Tomcat JVM: realm, KDC and the keytab that the JAAS entries further down refer to.
  1. [libdefaults]
  2. default_realm = DEV.LOCAL
  # NOTE(review): the path separators appear to have been lost in this listing (the JAAS keyTab entries spell
  # the same file as D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab) - confirm the real value.
  3. default_keytab_name = FILE:D:ProjekteDEV_Verwaltungapache-tomcatconftomcat.keytab
  # rc4-hmac is listed first, and the debug log below reports "default etypes for default_tkt_enctypes: 23." -
  # only RC4-HMAC (etype 23) is ever negotiated. The two AES names appear to be spelled in a form the Java
  # Kerberos config parser does not recognise (it expects aes256-cts-hmac-sha1-96 / aes128-cts-hmac-sha1-96),
  # so they are dropped silently. The log's "Found unsupported keytype (18)" additionally shows that the AES-256
  # key in the keytab cannot be used by this JRE (typically a crypto-policy key-length cap - confirm).
  # Net effect: the service is pinned to the legacy RC4 cipher even though AES keys exist in the keytab.
  4. default_tkt_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96
  5. default_tgs_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96
  6. permitted_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96
  7.  
  # Marks the tickets this JVM requests for itself (e.g. via the initiate entry) as forwardable. Only needed
  # if something downstream has to forward them - confirm before keeping it enabled.
  8. forwardable=true
  9.  
  # Explicit KDC; the debug log shows it being contacted over UDP on port 88 with a 30 s timeout.
  10. [realms]
  11. DEV.LOCAL = {
  12. kdc = dev-dc01.dev.local:88
  13. }
  14.  
  # Maps the bare domain and every host under it to the realm.
  15. [domain_realm]
  16. dev.local= DEV.LOCAL
  17. .dev.local= DEV.LOCAL
  18.  
  // JAAS entry used when this JVM initiates Kerberos authentication (the name Java GSS looks up by default).
  // Non-interactive service login: nothing is prompted, the key comes from the keytab, the TGT is obtained
  // from the KDC at startup (see the KrbAsReq / "Commit Succeeded" lines in the log below).
  19. com.sun.security.jgss.krb5.initiate {
  20. com.sun.security.auth.module.Krb5LoginModule required
  21. doNotPrompt=true
  22. principal="HTTP/dev160.dev.local@DEV.LOCAL"
  23. useKeyTab=true
  24. keyTab="D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab"
  // storeKey=true keeps the long-term service key in the Subject's private credentials; an initiator only
  // needs that if the same Subject also accepts tickets - confirm it is required in this entry.
  25. storeKey=true
  // debug=true and moduleBanner=true write the full login trace (principal, keytab path, key types and
  // versions, KDC traffic) to stdout - that is the log reproduced further down this page. Disable both
  // outside troubleshooting.
  26. debug=true
  27. moduleBanner=true;
  28. };
  29.  
  // JAAS entry Tomcat's SpnegoAuthenticator uses to accept SPNEGO tokens. This name is the Valve's default
  // loginConfigName, so server.xml needs no loginConfigName attribute (the commented-out value there names
  // a different entry that does not exist in this file).
  // storeKey=true is needed for an acceptor: the service key must be in the Subject to decrypt service tickets.
  30. com.sun.security.jgss.krb5.accept {
  31. com.sun.security.auth.module.Krb5LoginModule required
  32. doNotPrompt=true
  33. useKeyTab=true
  34. storeKey=true
  // Same verbose stdout trace as in the initiate entry - disable both in production.
  35. debug=true
  36. moduleBanner=true
  37. principal="HTTP/dev160.dev.local@DEV.LOCAL"
  38. keyTab="D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab"
  // The semicolon on its own line terminates the module entry; legal, but it is normally written directly
  // after the last option as in the initiate entry.
  39. ;
  40. };
  41.  
  <!-- server.xml wiring for SPNEGO: the JNDIRealm resolves the authenticated principal's roles from
       Active Directory; the SpnegoAuthenticator Valve performs the HTTP Negotiate handshake. -->
  42. <Engine name="Catalina" defaultHost="localhost">
  <!-- Role lookup runs over plain ldap:// on 389, so directory traffic is unencrypted on the wire; ldaps://
       or StartTLS would close that. No connectionName/connectionPassword is shown, so the search binds
       anonymously unless they are set elsewhere - confirm. useDelegatedCredential="false" means the
       client's delegated ticket (stored by the Valve below) is not used for the directory bind.
       roleNested="true" expands nested group membership. -->
  43. <Realm className="org.apache.catalina.realm.JNDIRealm"
  44. connectionURL="ldap://dev-dc01.dev.local:389"
  45. userBase="OU=Benutzer,OU=DEV,DC=dev,DC=local"
  46. userSubtree="true"
  47. userSearch="(sAMAccountName={0})"
  48. userRoleName="memberOf"
  49. roleBase="cn=Users,dc=dev,dc=local"
  50. roleName="cn"
  51. roleSearch="(member={0})"
  52. roleSubtree="true"
  53. roleNested="true"
  54.  
  55. useDelegatedCredential="false"
  56. />
  57. <Host name="localhost" appBase="webapps">
  58. <Context docBase="ROOT.war" path="">
  <!-- The Valve's default loginConfigName is com.sun.security.jgss.krb5.accept, which is the JAAS entry
       defined above; the commented-out value names an entry that does not exist there. -->
  59. <!--loginConfigName="com.sun.security.auth.module.Krb5LoginModule.accept"-->
  <!-- storeDelegatedCredential="true" keeps the client's forwarded credential in the user Principal even
       though nothing shown here consumes it (the Realm has useDelegatedCredential="false"); keep it only if
       a downstream service relies on delegation. -->
  60. <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
  61.  
  62. storeDelegatedCredential="true" />
  63. </Context>
  64. </Host>
  65. </Engine>
  66.  
  <!-- Only the two listed URLs are protected; every other resource in the application is reachable
       without SPNEGO. -->
  67. <security-constraint>
  68. <web-resource-collection>
  69. <web-resource-name>DEV Portal</web-resource-name>
  70. <url-pattern>/index.xob</url-pattern>
  71. <url-pattern>/index.html</url-pattern>
  <!-- Listing methods narrows the constraint to these four: any other method (HEAD, OPTIONS, ...) on the
       same URLs is uncovered and served without authentication. Omitting the http-method elements covers
       all methods. -->
  72. <http-method>DELETE</http-method>
  73. <http-method>GET</http-method>
  74. <http-method>POST</http-method>
  75. <http-method>PUT</http-method>
  76. </web-resource-collection>
  <!-- "*" means the roles declared for this application; whether it also admits any authenticated user
       depends on the Realm's allRolesMode, which the Realm above does not set - confirm the intended
       policy. -->
  77. <auth-constraint>
  78. <role-name>*</role-name>
  79. </auth-constraint>
  <!-- NONE permits plain HTTP: the Negotiate header (Kerberos service ticket) and the session cookie are
       sent unencrypted. CONFIDENTIAL would force HTTPS for these URLs. -->
  80. <user-data-constraint>
  81. <transport-guarantee>NONE</transport-guarantee>
  82. </user-data-constraint>
  83. </security-constraint>
  84.  
  <!-- SPNEGO (Kerberos over HTTP Negotiate) is the only auth-method declared, so clients that cannot present
       a ticket have no fallback. -->
  85. <login-config>
  86. <auth-method>SPNEGO</auth-method>
  87. </login-config>
  88.  
  89. C:>setspn -l tc01
  90. Registered ServicePrincipalNames for CN=Tomcat DEV160,OU=Aktiv,OU=Benutzer,OU=DEV,DC=dev,DC=local:
  91. http/dev160.dev.local@DEV.LOCAL
  92. HTTP/dev160.dev.local
  93.  
  REM Writes the service keytab and maps the HTTP SPN to account tc01. The account password is given on the
  REM command line (-pass), so it ends up in shell history and is visible in process listings while the
  REM command runs; -crypto All emits a key for every type, which is why the debug log lists DES (1, 3),
  REM AES (17, 18) and RC4 (23) keys, of which only RC4 is ever used; -kvno 0 matches the "version: 0" the
  REM log reports for each key.
  94. ktpass -out tomcat.keytab -mapuser tc01@dev.local -princ HTTP/dev160.dev.local@DEV.LOCAL -ptype KRB5_NT_PRINCIPAL -kvno 0 -crypto All -pass mySecurePassword
  95.  
  96. Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab refreshKrb5Config is false principal is HTTP/dev160.dev.local@DEV.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  97. Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
  98. Added key: 17version: 0
  99. Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
  100. Added key: 23version: 0
  101. Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
  102. Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
  103. Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
  104. Added key: 17version: 0
  105. Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
  106. Added key: 23version: 0
  107. Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
  108. Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
  109. default etypes for default_tkt_enctypes: 23.
  110. >>> KrbAsReq creating message
  111. >>> KrbKdcReq send: kdc=dev-dc01.dev.local UDP:88, timeout=30000, number of retries =3, #bytes=145
  112. >>> KDCCommunication: kdc=dev-dc01.dev.local UDP:88, timeout=30000,Attempt =1, #bytes=145
  113. >>> KrbKdcReq send: #bytes read=175
  114. >>>Pre-Authentication Data:
  115. PA-DATA type = 11
  116. PA-ETYPE-INFO etype = 23, salt =
  117.  
  118. >>>Pre-Authentication Data:
  119. PA-DATA type = 19
  120. PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
  121.  
  122. >>>Pre-Authentication Data:
  123. PA-DATA type = 2
  124. PA-ENC-TIMESTAMP
  125. >>>Pre-Authentication Data:
  126. PA-DATA type = 16
  127.  
  128. >>>Pre-Authentication Data:
  129. PA-DATA type = 15
  130.  
  131. >>> KdcAccessibility: remove dev-dc01.dev.local:88
  132. >>> KDCRep: init() encoding tag is 126 req type is 11
  133. >>>KRBError:
  134. sTime is Wed Mar 21 17:32:30 CET 2018 1521649950000
  135. suSec is 204749
  136. error code is 25
  137. error Message is Additional pre-authentication required
  138. sname is krbtgt/DEV.LOCAL@DEV.LOCAL
  139. eData provided.
  140. msgType is 30
  141. >>>Pre-Authentication Data:
  142. PA-DATA type = 11
  143. PA-ETYPE-INFO etype = 23, salt =
  144.  
  145. >>>Pre-Authentication Data:
  146. PA-DATA type = 19
  147. PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
  148.  
  149. >>>Pre-Authentication Data:
  150. PA-DATA type = 2
  151. PA-ENC-TIMESTAMP
  152. >>>Pre-Authentication Data:
  153. PA-DATA type = 16
  154.  
  155. >>>Pre-Authentication Data:
  156. PA-DATA type = 15
  157.  
  158. KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
  159. default etypes for default_tkt_enctypes: 23.
  160. Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
  161. Added key: 17version: 0
  162. Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
  163. Added key: 23version: 0
  164. Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
  165. Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
  166. Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
  167. Added key: 17version: 0
  168. Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
  169. Added key: 23version: 0
  170. Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
  171. Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
  172. default etypes for default_tkt_enctypes: 23.
  173. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  174. >>> KrbAsReq creating message
  175. >>> KrbKdcReq send: kdc=dev-dc01.dev.local UDP:88, timeout=30000, number of retries =3, #bytes=228
  176. >>> KDCCommunication: kdc=dev-dc01.dev.local UDP:88, timeout=30000,Attempt =1, #bytes=228
  177. >>> KrbKdcReq send: #bytes read=1406
  178. >>> KdcAccessibility: remove dev-dc01.dev.local:88
  179. Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
  180. Added key: 17version: 0
  181. Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
  182. Added key: 23version: 0
  183. Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
  184. Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
  185. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  186. >>> KrbAsRep cons in KrbAsReq.getReply HTTP/dev160.dev.local
  187. principal is HTTP/dev160.dev.local@DEV.LOCAL
  188. Will use keytab
  189. Commit Succeeded
  190.  
  191. Found KeyTab D:ProjekteDEV_Verwaltungapache-tomcatconftomcat.keytab for HTTP/dev160.dev.local@DEV.LOCAL
  192. Found KeyTab D:ProjekteDEV_Verwaltungapache-tomcatconftomcat.keytab for HTTP/dev160.dev.local@DEV.LOCAL
  193. Found ticket for HTTP/dev160.dev.local@DEV.LOCAL to go to krbtgt/DEV.LOCAL@DEV.LOCAL expiring on Thu Mar 22 03:32:30 CET 2018
  194. [Krb5LoginModule]: Entering logout
  195. [Krb5LoginModule]: logged out Subject