Kerberos“;找不到任何Kerberos密钥“;使用Java 1.7-无法识别接受者凭据
我想通过一个带有键标签的广告来识别一项服务。它成功地使用了Java8,但没有使用Java6或Java7。两者都失败,出现错误Kerberos“;找不到任何Kerberos密钥“;使用Java 1.7-无法识别接受者凭据,java,kerberos,keytab,Java,Kerberos,Keytab,我想通过一个带有键标签的广告来识别一项服务。它成功地使用了Java8,但没有使用Java6或Java7。两者都失败,出现错误GSSException:未提供有效凭据(机制级别:找不到任何Kerberos密钥) 在这两种情况下,我都使用isInitiator=true,因为如果没有,它就会失败。据我所见,Java 8在文件中找到了一个启动器凭据和一个接受方凭据: >>> KeyTab: load() entry length: 70; type: 23 Looking for k
GSSException:未提供有效凭据(机制级别:找不到任何Kerberos密钥)isInitiator=true>>> KeyTab: load() entry length: 70; type: 23
Looking for keys for: HTTP/server.firm.com@FIRM.COM
Added key: 23version: 3
KdcAccessibility: reset
Looking for keys for: HTTP/server.firm.com@FIRM.COM
Added key: 23version: 3
...
Search Subject for Kerberos V5 INIT cred (HTTP/server.firm.com@FIRM.COM sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:21:38 CEST 2015
Search Subject for Kerberos V5 ACCEPT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5AcceptCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:21:38 CEST 2015
>>> KeyTab: load() entry length: 70; type: 23
Added key: 23version: 3
Search Subject for Kerberos V5 INIT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:20:35 CEST 2015
Search Subject for Kerberos V5 ACCEPT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5AcceptCredential)
Exception in thread "main" java.lang.Error: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at test.KerberosTicketRetriever$TicketCreatorAction.run(KerberosTicketRetriever.java:97)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at ff.support.kerberos.KerberosTicketRetriever.retrieveTicket(KerberosTicketRetriever.java:223)
at ff.support.kerberos.KerberosTicketRetriever.main(KerberosTicketRetriever.java:292)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:95)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:422)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
at ff.support.kerberos.KerberosTicketRetriever$TicketCreatorAction.createTicket(KerberosTicketRetriever.java:116)
at ff.support.kerberos.KerberosTicketRetriever$TicketCreatorAction.run(KerberosTicketRetriever.java:93)
... 4 more
>>> KeyTab: load() entry length: 70; type: 23
Looking for keys for: HTTP/server.firm.com@FIRM.COM
Added key: 23version: 3
KdcAccessibility: reset
Looking for keys for: HTTP/server.firm.com@FIRM.COM
Added key: 23version: 3
...
Search Subject for Kerberos V5 INIT cred (HTTP/server.firm.com@FIRM.COM sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:21:38 CEST 2015
Search Subject for Kerberos V5 ACCEPT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5AcceptCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:21:38 CEST 2015
>>> KeyTab: load() entry length: 70; type: 23
Added key: 23version: 3
Search Subject for Kerberos V5 INIT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for HTTP/server.firm.com@FIRM.COM to go to krbtgt/FIRM.COM@FIRM.COM expiring on Fri Aug 28 19:20:35 CEST 2015
Search Subject for Kerberos V5 ACCEPT cred (HTTP/server.firm.com@FIRM.COM, sun.security.jgss.krb5.Krb5AcceptCredential)
Exception in thread "main" java.lang.Error: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at test.KerberosTicketRetriever$TicketCreatorAction.run(KerberosTicketRetriever.java:97)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at ff.support.kerberos.KerberosTicketRetriever.retrieveTicket(KerberosTicketRetriever.java:223)
at ff.support.kerberos.KerberosTicketRetriever.main(KerberosTicketRetriever.java:292)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:95)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:422)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
at ff.support.kerberos.KerberosTicketRetriever$TicketCreatorAction.createTicket(KerberosTicketRetriever.java:116)
at ff.support.kerberos.KerberosTicketRetriever$TicketCreatorAction.run(KerberosTicketRetriever.java:93)
... 4 more
我真的不明白keytab什么时候是启动器,什么时候不是,以及为什么不同版本的java会导致不同的结果。有人能帮忙吗?很抱歉回到基本问题上来,但是。。。您是否使用OpenJDK、Sun/Oracle JVM或其他工具运行测试?在Sun/Oracle的案例中,您是否下载了“无限强度”加密政策JAR(由于过时的美国出口法规,默认情况下未启用AES256)?顺便说一句,有一个跟踪标志可能会证明很有用,参见。