[27834] in Kerberos
Re: LoginException: Cannot get kdc for realm
daemon@ATHENA.MIT.EDU (preetam R)
Thu May 31 15:39:44 2007
Date: Wed, 30 May 2007 21:02:34 -0700 (PDT)
From: preetam R <rpreetam2001@yahoo.com>
To: Giuseppe Catalano <gpcatalano@gmail.com>, kerberos@mit.edu
In-Reply-To: <4397251b0705300929p687bde8elda794937ae57ecb6@mail.gmail.com>
MIME-Version: 1.0
Message-ID: <897627.34256.qm@web62402.mail.re1.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I believe the domain name in the section,
domain_realm is case-sensitive. Add the following
entry and try again
[domain_realm]
..............
.CCC.IT.XXX.YYYY.COM = CCC.IT.XXX.YYYY.COM
.................
Thanks,
Preetam
--- Giuseppe Catalano <gpcatalano@gmail.com> wrote:
> Hi to all.
>
> We have a problem using JAAS for autenticating
> against Microsoft
> Active Directory LDAP and a security service based
> on Microsoft
> Kerberos V5.
>
> We have a krb5.conf like this:
>
> #
> # All rights reserved.
> #
> #pragma ident @(#)krb5.conf 1.1 00/12/08
>
> [libdefaults]
> default_realm = AAA.IT.xxx.YYYY.COM
>
> [realms]
> IT.XXX.YYYY.COM = {
> kdc = SERVER1:88
> }
> AAA.IT.XXX.YYYY.COM = {
> kdc = SERVER2.AAA.IT.XXXP.YYYY.COM:88
> }
> BBB.IT.XXX.YYYY.COM = {
> kdc = SERVER3.BBB.IT.XXX.YYYY.COM:88
> }
> CCC.IT.XXX.YYYY.COM = {
> kdc = SERVER4.CCC.IT.XXX.YYYY.COM:88
> }
> DDD.IT.XXX.YYYY.COM = {
> kdc = SERVER5.DDD.IT.XXX.YYYY.COM:88
> }
>
> [domain_realm]
> .bbb.it.xxx.yyyy.com = BBB.IT.XXX.YYYY.COM
> .aaa.it.xxx.yyyy.com = AAA.IT.XXX.YYYY.COM
> .it.xxx.yyyy.com = IT.XXX.YYYY.COM
> .ccc.it.xxx.yyyy.com = CCC.IT.XXX.YYYY.COM
> .ddd.it.xxx.yyyy.com = DDD.IT.XXX.YYYY.COM
>
> We are developing under Oracle Application Server
> 10.1.3. We load
> krb5.conf file in a servlet with this code:
> System.setProperty("java.security.krb5.conf"..
>
> We autenticate users with these calls:
>
> lc = new LoginContext("MyLogin", new
> CallbackHandler(args));
> lc.login();
>
> We have deployed our web application under a test
> environment and
> everything works. Now we are trying to go on
> production, where we have
> the following error:
>
>
> javax.security.auth.login.LoginException: Cannot
> get kdc for realm
> CC.IT.XXX.YYYY.COM
> at
>
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
>
> at
>
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
>
> at
>
sun.reflect.GeneratedMethodAccessor1909.invoke(Unknown
> Source)
>
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>
> at
> java.lang.reflect.Method.invoke(Method.java:585)
>
> at
>
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>
> at
>
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>
> at
>
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)...
> .....
> ....
> Caused by: KrbException: Cannot get kdc for realm
> CCC.IT.XXX.YYYY.COM
>
> at
> sun.security.krb5.KrbKdcReq.send(DashoA12275:133)
>
> at
> sun.security.krb5.KrbKdcReq.send(DashoA12275:106)
>
> at
> sun.security.krb5.KrbAsReq.send(DashoA12275:330)
>
> at
>
sun.security.krb5.Credentials.acquireTGT(DashoA12275:369)
>
> at
>
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
>
> We have deployed another web application inside the
> same application
> server that uses the same framework for
> autentication, that is the
> same classes that we have developed for
> autentication. The other web
> application works correctly, the only difference is
> that we have added
> two more domains in krb5.conf that is deployed with
> each web
> application.
>
> Using kinit the autentication works for the added
> domains.
>
> Does anyone has some suggestion to solve this
> problem?
>
> Thanks in advance.
> Best Regards,
> Giuseppe
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
____________________________________________________________________________________
TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.
http://tv.yahoo.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
