
Untitled

a guest
Dec 17th, 2015
setspn -A HTTP/adjavatest1.test.company.info TEST\administrator

>setspn -L TEST\administrator
Registered ServicePrincipalNames for CN=Administrator,CN=Users,DC=test,DC=company,DC=info:
HTTP/adjavatest1.test.company.info

>ktpass -princ HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO -pass pswd123 -mapuser TEST\Administrator -out .\adjavatest1.HTTP.keytab -ptype KRB5_NT_PRINCIPAL -crypto All
Targeting domain controller: adjavatest1.test.company.info
Using legacy password setting method
Successfully mapped HTTP/adjavatest1.test.company.info to Administrator.
Key created.
Key created.
Key created.
Key created.
Key created.
Output keytab to .\adjavatest1.HTTP.keytab:
Keytab version: 0x502
keysize 85 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x1 (DES-CBC-CRC) keylength 8 (0x6da81379831f37ad)
keysize 85 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x3 (DES-CBC-MD5) keylength 8 (0x6da81379831f37ad)
keysize 93 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x17 (RC4-HMAC ) keylength 16 (0xe32edb70a8df744e3b0f87ea7ff515f7)
keysize 109 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x12 (AES256-SHA1) keylength 32 (0xf744e212c2e48e34c815364c0b5290a68b37b6c65a7cd0befcbcc2625e3e6c79)
keysize 93 HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x11 (AES128-SHA1) keylength 16 (0x20f3474a818d4d326136449a8a660e2c)

c:\Program Files\Java\jre1.8.0_65\lib\security
c:\Program Files\Java\jdk1.8.0_65\jre\lib\security

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
Value Name: allowtgtsessionkey
Value: 0x1

server:
  port: 80
app:
  ad-domain: TEST.COMPANY.INFO
  ad-server: ldap://ADJAVATEST1.TEST.COMPANY.INFO/
  service-principal: HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
  keytab-location: adjavatest1.HTTP.keytab
  ldap-search-base: DC=TEST,DC=COMPANY,DC=INFO
  ldap-search-filter: "(| (userPrincipalName={0}) (sAMAccountName={0}))"

[libdefaults]
default_realm = TEST.COMPANY.INFO
permitted_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tkt_enctypes = arcfour-hmac-md5 rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
dns_lookup_kdc = true
dns_lookup_realm = false

[realms]
TEST.COMPANY.INFO = {
    kdc = ADJAVATEST1.TEST.COMPANY.INFO
    admin_server = ADJAVATEST1.TEST.COMPANY.INFO
    master_kdc = ADJAVATEST1.TEST.COMPANY.INFO
    default_domain = TEST.COMPANY.INFO
}

[domain_realm]
.TEST.COMPANY.INFO = TEST.COMPANY.INFO
TEST.COMPANY.INFO = TEST.COMPANY.INFO

2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Received Negotiate Header for request http://kpiq-dev.test.company.info/hello: Negotiate YIIH ...truncated... H4qgvsM
2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
2015-12-17 08:55:35.893 DEBUG 1876 --- [p-nio-80-exec-3] .a.KerberosServiceAuthenticationProvider : Try to validate Kerberos Token
Found KeyTab c:\SpringSSO\adjavatest1.HTTP.keytab for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
Found KeyTab c:\SpringSSO\adjavatest1.HTTP.keytab for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Java config name: .krb5.conf
Loaded from Java config
>>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): adjavatest1.test.company.info
>>> KeyTab: load() entry length: 85; type: 1
>>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): adjavatest1.test.company.info
>>> KeyTab: load() entry length: 85; type: 3
>>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): adjavatest1.test.company.info
>>> KeyTab: load() entry length: 93; type: 23
>>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): adjavatest1.test.company.info
>>> KeyTab: load() entry length: 109; type: 18
>>> KeyTabInputStream, readName(): TEST.COMPANY.INFO
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): adjavatest1.test.company.info
>>> KeyTab: load() entry length: 93; type: 17
Looking for keys for: HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
Added key: 17version: 5
Added key: 18version: 5
Added key: 23version: 5
Found unsupported keytype (3) for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
Found unsupported keytype (1) for HTTP/adjavatest1.test.company.info@TEST.COMPANY.INFO
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
2015-12-17 08:55:36.236 WARN 1876 --- [p-nio-80-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate YIIHNAYGKwYBBQU ...truncated... dH4qgvsM

org.springframework.security.authentication.BadCredentialsException: Kerberos validation not successful
    at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:71)
    at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:64)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:446)
    at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:145)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    ...truncated...
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.PrivilegedActionException: null
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Unknown Source)
    at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:68)
    ... 45 common frames omitted
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(Unknown Source)
    at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:170)
    at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:153)
    ... 48 common frames omitted
Caused by: sun.security.krb5.KrbCryptoException: Checksum failed
    at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
    at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
    at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
    at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
    at sun.security.krb5.KrbApReq.<init>(Unknown Source)
    at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
    ... 57 common frames omitted
Caused by: java.security.GeneralSecurityException: Checksum failed
    at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(Unknown Source)
    at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(Unknown Source)
    at sun.security.krb5.internal.crypto.Aes256.decrypt(Unknown Source)
    ... 63 common frames omitted