Reputation: 3740
Kerberos Authentication keytab KVNO
I have a network environment where kerberos authentication is setup in corporate standard (i.e. passoword can live only 30days for user). I've installed my java web application on this system which uses keytab file generated by KDC. All works fine until client user changes his network password after 30 + days. Goggling found it's due to KVNO out of synchronization. So as I understand the problem being KVNO sent by client browser is out of sync with keytab's KVNO. I have less knowledge on this network negotiation steps (I use spring security) so I'm waiting for you guys expertise to resolve this.Thanks in advance.
java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Upvotes: 2
Views: 4545
Answers (2)
Reputation: 3740
After bit of research I found there is a problem related to this with Java 1.6 update 23 to 26. Updating to latest Java resolved the problem for me. Thanks for your input.
Upvotes: 1
Reputation: 1638
Every time the password of an account is changed, it's KVNO is increased. This makes all keytabs for that account invalid. As I understand your question, that is what happened to the service principal you created the keytab for, correct? In that case you need to re-create the keytab.
Upvotes: 4
Related Questions
- jdbc kerberos oracle authentication
- Kerberos 5 Application Server
- spring-security-kerberos can't read keytab?
- Spring boot 2 kerberos Authentication
- JDBC MS SQL Server Kerberos Auth
- Java Kerberos Authentication
- How to configure kerberos on Tomcat/linux server?
- Kerberos user principals in Keytab and KDC with JAAS
- Java app secured by KERBEROS
- Linux keytab file for authentication