Java fixed a bug on key version check in 6u21. The error message looks like the keytab is not the latest one. Each time ktpass.exe is called, it increments the key version number for the service, so you must always use the last generated keytab file on the server.
Thanks Weijun On 12/10/2010 06:10 AM, michal wrote: > Hi, > Have a problem with setting up Tomcat (Java servlet container) for > SPNEGO authentication in Active Directory domain. The implementation > is based on JGSS available in Oracle JDK 1.6.0_22 > 1. Keytab is generated using ktpass utility. > 2. Server (Tomcat) obtains a service ticket from the keytab. > 3. Server sends Negotiate header to the browser > 4. The browser sends an encoded kerberos ticket to the server > 5. Ooops... The server prints out exception message "Specified version > of key is not available" and refuses to establish GSS context. > All is setup exactly as described here: > http://blog.springsource.com/2009/09/28/spring-security-kerberos > and works perfectly with MIT Kerberos (even with Windows clients > configured using ksetup tool). > I've googled around and could not find anything. Anybody has any idea > what is wrong? > Thanks for any suggestions. > Michal > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
