Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- setspn -A HTTP/adjavatest1.test.company.info TESTadministrator
- >setspn -L TESTadministrator
- Registered ServicePrincipalNames for CN=Administrator,CN=Users,DC=test,DC=company,DC=info:
- HTTP/adjavatest1.test.company.info
- >ktpass -princ HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO -pass pswd123 -mapuser TESTAdministrator -out . adjavatest1.HTTP.keytab -ptype KRB5_NT_PRINCIPAL -crypto All
- Targeting domain controller: adjavatest1.test.company.info
- Using legacy password setting method
- Successfully mapped HTTP/adjavatest1.test.company.info to Administrator.
- Key created.
- Key created.
- Key created.
- Key created.
- Key created.
- Output keytab to . adjavatest1.HTTP.keytab:
- Keytab version: 0x502
- keysize 85 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x1 (DES-CBC-CRC) keylength 8 (0x6da81379831f37ad)
- keysize 85 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x3 (DES-CBC-MD5) keylength 8 (0x6da81379831f37ad)
- keysize 93 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x17 (RC4-HMAC ) keylength 16 (0xe32edb70a8df744e3b0f87ea7ff515f7)
- keysize 109 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x12 (AES256-SHA1) keylength 32 (0xf744e212c2e48e34c815364c0b5290a68b37b6c65a7cd0befcbcc2625e3e6c79)
- keysize 93 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x11 (AES128-SHA1) keylength 16 (0x20f3474a818d4d326136449a8a660e2c)
- c:Program FilesJavajre1.8.0_65libsecurity
- c:Program FilesJavajdk1.8.0_65jrelibsecurity
- HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaKerberos
- Value Name: allowtgtsessionkey
- Value: 0x1
- server:
- port: 80
- app:
- ad-domain: TEST.COMPANY.INFO
- ad-server: ldap://ADJAVATEST1.TEST.COMPANY.INFO/
- service-principal: HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- keytab-location: adjavatest1.HTTP.keytab
- ldap-search-base: DC=TEST,DC=COMPANY,DC=INFO
- ldap-search-filter: "(| (userPrincipalName={0}) (sAMAccountName={0}))"
- [libdefaults]
- default_realm = TEST.COMPANY.INFO
- permitted_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
- default_tgs_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
- default_tkt_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
- dns_lookup_kdc = true
- dns_lookup_realm = false
- [realms]
- TEST.COMPANY.INFO = {
- kdc = ADJAVATEST1.TEST.COMPANY.INFO
- admin_server = ADJAVATEST1.TEST.COMPANY.INFO
- master_kdc = ADJAVATEST1.TEST.COMPANY.INFO
- default_domain = TEST.COMPANY.INFO
- }
- [domain_realm]
- .TEST.COMPANY.INFO = TEST.COMPANY.INFO
- TEST.COMPANY.INFO = TEST.COMPANY.INFO
- 2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Received Negotiate Header for request http:// kpiq-dev.test.company.info/hello: Negotiate YIIH ...trucated... H4qgvsM
- 2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
- 2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] .a.KerberosServiceAuthenticationProvider : Try to validate Kerberos Token
- Found KeyTab c:SpringSSO adjavatest1.HTTP.keytab for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- Found KeyTab c:SpringSSO adjavatest1.HTTP.keytab for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- Entered Krb5Context.acceptSecContext with state=STATE_NEW
- Java config name: .krb5.conf
- Loaded from Java config
- >>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
- >>> KeyTabInputStream, readName(): HTTP
- >>> KeyTabInputStream, readName(): adjavatest1.test.company.info
- >>> KeyTab: load() entry length: 85; type: 1
- >>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
- >>> KeyTabInputStream, readName(): HTTP
- >>> KeyTabInputStream, readName(): adjavatest1.test.company.info
- >>> KeyTab: load() entry length: 85; type: 3
- >>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
- >>> KeyTabInputStream, readName(): HTTP
- >>> KeyTabInputStream, readName(): adjavatest1.test.company.info
- >>> KeyTab: load() entry length: 93; type: 23
- >>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
- >>> KeyTabInputStream, readName(): HTTP
- >>> KeyTabInputStream, readName(): adjavatest1.test.company.info
- >>> KeyTab: load() entry length: 109; type: 18
- >>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
- >>> KeyTabInputStream, readName(): HTTP
- >>> KeyTabInputStream, readName(): adjavatest1.test.company.info
- >>> KeyTab: load() entry length: 93; type: 17
- Looking for keys for: HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- Added key: 17version: 5
- Added key: 18version: 5
- Added key: 23version: 5
- Found unsupported keytype (3) for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- Found unsupported keytype (1) for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
- >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
- 2015-12-17 08:55:36.236 WARN 1876 --- [p-nio-80-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate YIIHNAYGKwYBBQU ...trucated... dH4qgvsM
- org.springframework.security.authentication.BadCredentialsException: Kerberos validation not successful
- at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:71)
- at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:64)
- at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
- at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
- at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:446)
- at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:145)
- at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
- ...trucated...
- at java.lang.Thread.run(Unknown Source)
- Caused by: java.security.PrivilegedActionException: null
- at java.security.AccessController.doPrivileged(Native Method)
- at javax.security.auth.Subject.doAs(Unknown Source)
- at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:68)
- ... 45 common frames omitted
- Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
- at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
- at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
- at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
- at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(Unknown Source)
- at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(Unknown Source)
- at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
- at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
- at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:170)
- at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:153)
- ... 48 common frames omitted
- Caused by: sun.security.krb5.KrbCryptoException: Checksum failed
- at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
- at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
- at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
- at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
- at sun.security.krb5.KrbApReq.<init>(Unknown Source)
- at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
- ... 57 common frames omitted
- Caused by: java.security.GeneralSecurityException: Checksum failed
- at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(Unknown Source)
- at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(Unknown Source)
- at sun.security.krb5.internal.crypto.Aes256.decrypt(Unknown Source)
- ... 63 common frames omitted
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement