- [libdefaults]
- default_realm = DEV.LOCAL
- default_keytab_name = FILE:D:\Projekte\DEV_Verwaltung\apache-tomcat\conf\tomcat.keytab
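- # The AES names Java's Kerberos config expects are aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96;
- # with the spellings below, the debug log further down reports only etype 23 (rc4-hmac) as the default.
- default_tkt_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96
- default_tgs_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96
- permitted_enctypes = rc4-hmac,AES-256-CTS-HMAC-SHA1-96,AES-128-CTS-HMAC-SHA1-96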
- forwardable=true
- [realms]
- DEV.LOCAL = {
- kdc = dev-dc01.dev.local:88
- }
- [domain_realm]
- dev.local= DEV.LOCAL
- .dev.local= DEV.LOCAL
- com.sun.security.jgss.krb5.initiate {
- com.sun.security.auth.module.Krb5LoginModule required
- doNotPrompt=true
- principal="HTTP/dev160.dev.local@DEV.LOCAL"
- useKeyTab=true
- keyTab="D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab"
- storeKey=true
- debug=true
- moduleBanner=true;
- };
- com.sun.security.jgss.krb5.accept {
- com.sun.security.auth.module.Krb5LoginModule required
- doNotPrompt=true
- useKeyTab=true
- storeKey=true
- debug=true
- moduleBanner=true
- principal="HTTP/dev160.dev.local@DEV.LOCAL"
- keyTab="D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab"
- ;
- };
- <Engine name="Catalina" defaultHost="localhost">
- <Realm className="org.apache.catalina.realm.JNDIRealm"
- connectionURL="ldap://dev-dc01.dev.local:389"
- userBase="OU=Benutzer,OU=DEV,DC=dev,DC=local"
- userSubtree="true"
- userSearch="(sAMAccountName={0})"
- userRoleName="memberOf"
- roleBase="cn=Users,dc=dev,dc=local"
- roleName="cn"
- roleSearch="(member={0})"
- roleSubtree="true"
- roleNested="true"
- useDelegatedCredential="false"
- />
- <Host name="localhost" appBase="webapps">
- <Context docBase="ROOT.war" path="">
- <!--loginConfigName="com.sun.security.auth.module.Krb5LoginModule.accept"-->
- <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
- storeDelegatedCredential="true" />
- </Context>
- </Host>
- </Engine>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>DEV Portal</web-resource-name>
- <url-pattern>/index.xob</url-pattern>
- <url-pattern>/index.html</url-pattern>
- <http-method>DELETE</http-method>
- <http-method>GET</http-method>
- <http-method>POST</http-method>
- <http-method>PUT</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>*</role-name>
- </auth-constraint>
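- <user-data-constraint>
- <!-- NONE places no transport requirement on these URLs; CONFIDENTIAL would make the container require TLS -->
- <transport-guarantee>NONE</transport-guarantee>
- </user-data-constraint>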
- </security-constraint>
- <login-config>
- <auth-method>SPNEGO</auth-method>
- </login-config>
- C:\>setspn -l tc01
- Registered ServicePrincipalNames for CN=Tomcat DEV160,OU=Aktiv,OU=Benutzer,OU=DEV,DC=dev,DC=local:
- http/dev160.dev.local@DEV.LOCAL
- HTTP/dev160.dev.local
- ktpass -out tomcat.keytab -mapuser tc01@dev.local -princ HTTP/dev160.dev.local@DEV.LOCAL -ptype KRB5_NT_PRINCIPAL -kvno 0 -crypto All -pass mySecurePassword
- Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is D:/Projekte/DEV_Verwaltung/apache-tomcat/conf/tomcat.keytab refreshKrb5Config is false principal is HTTP/dev160.dev.local@DEV.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
- Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 17version: 0
- Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 23version: 0
- Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
- Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
- Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 17version: 0
- Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 23version: 0
- Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
- Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
- default etypes for default_tkt_enctypes: 23.
- >>> KrbAsReq creating message
- >>> KrbKdcReq send: kdc=dev-dc01.dev.local UDP:88, timeout=30000, number of retries =3, #bytes=145
- >>> KDCCommunication: kdc=dev-dc01.dev.local UDP:88, timeout=30000,Attempt =1, #bytes=145
- >>> KrbKdcReq send: #bytes read=175
- >>>Pre-Authentication Data:
- PA-DATA type = 11
- PA-ETYPE-INFO etype = 23, salt =
- >>>Pre-Authentication Data:
- PA-DATA type = 19
- PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
- >>>Pre-Authentication Data:
- PA-DATA type = 2
- PA-ENC-TIMESTAMP
- >>>Pre-Authentication Data:
- PA-DATA type = 16
- >>>Pre-Authentication Data:
- PA-DATA type = 15
- >>> KdcAccessibility: remove dev-dc01.dev.local:88
- >>> KDCRep: init() encoding tag is 126 req type is 11
- >>>KRBError:
- sTime is Wed Mar 21 17:32:30 CET 2018 1521649950000
- suSec is 204749
- error code is 25
- error Message is Additional pre-authentication required
- sname is krbtgt/DEV.LOCAL@DEV.LOCAL
- eData provided.
- msgType is 30
- >>>Pre-Authentication Data:
- PA-DATA type = 11
- PA-ETYPE-INFO etype = 23, salt =
- >>>Pre-Authentication Data:
- PA-DATA type = 19
- PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
- >>>Pre-Authentication Data:
- PA-DATA type = 2
- PA-ENC-TIMESTAMP
- >>>Pre-Authentication Data:
- PA-DATA type = 16
- >>>Pre-Authentication Data:
- PA-DATA type = 15
- KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
- default etypes for default_tkt_enctypes: 23.
- Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 17version: 0
- Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 23version: 0
- Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
- Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
- Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 17version: 0
- Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 23version: 0
- Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
- Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
- default etypes for default_tkt_enctypes: 23.
- >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
- >>> KrbAsReq creating message
- >>> KrbKdcReq send: kdc=dev-dc01.dev.local UDP:88, timeout=30000, number of retries =3, #bytes=228
- >>> KDCCommunication: kdc=dev-dc01.dev.local UDP:88, timeout=30000,Attempt =1, #bytes=228
- >>> KrbKdcReq send: #bytes read=1406
- >>> KdcAccessibility: remove dev-dc01.dev.local:88
- Looking for keys for: HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 17version: 0
- Found unsupported keytype (18) for HTTP/dev160.dev.local@DEV.LOCAL
- Added key: 23version: 0
- Found unsupported keytype (3) for HTTP/dev160.dev.local@DEV.LOCAL
- Found unsupported keytype (1) for HTTP/dev160.dev.local@DEV.LOCAL
- >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
- >>> KrbAsRep cons in KrbAsReq.getReply HTTP/dev160.dev.local
- principal is HTTP/dev160.dev.local@DEV.LOCAL
- Will use keytab
- Commit Succeeded
- Found KeyTab D:\Projekte\DEV_Verwaltung\apache-tomcat\conf\tomcat.keytab for HTTP/dev160.dev.local@DEV.LOCAL
- Found KeyTab D:\Projekte\DEV_Verwaltung\apache-tomcat\conf\tomcat.keytab for HTTP/dev160.dev.local@DEV.LOCAL
- Found ticket for HTTP/dev160.dev.local@DEV.LOCAL to go to krbtgt/DEV.LOCAL@DEV.LOCAL expiring on Thu Mar 22 03:32:30 CET 2018
- [Krb5LoginModule]: Entering logout
- [Krb5LoginModule]: logged out Subject