Java 8更新161中断了HTTPClient Kerberos身份验证
我的HTTPClient Kerberos身份验证设置类似于。我的login.conf如下所示:Java 8更新161中断了HTTPClient Kerberos身份验证,java,security,authentication,kerberos,apache-httpclient-4.x,Java,Security,Authentication,Kerberos,Apache Httpclient 4.x,我的HTTPClient Kerberos身份验证设置类似于。我的login.conf如下所示: com.sun.security.jgss.login { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true useKeyTab=true storeKey=true keyTab=<keytab> principal=<principal>; }; co
com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<principal>
principal=<keytab>;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
到krb5.conf
,但没有帮助。找到了我自己的答案:
- 从login.conf中删除所有
useTicketCache=true
- 将
添加到rc4 hmac
,默认加密类型
,以及默认加密类型
允许加密类型
com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<principal>
principal=<keytab>;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=<keytab>
principal=<principal>;
};
它说我可以在2天内完成。请小心重新启用RC4。此类型现在被视为弱/受损。看见最好查明哪个Kerberos组件(客户端、服务器、KDC、TGS等)仍在使用RC4,并将其重新配置为使用强加密类型(例如AES256)。