我正在从Java 6迁移到Java 7,并且遇到了Kerberos身份验证问题.在我看来,基础加密类型顺序被切换,因此使用了不同的加密类型.在这种情况下Aes128CtsHmacSha1EType,当Java 7运行时,它将用于部分事务. ArcFourHmacEType在运行Java 6和Java 7运行的其他部分时使用.
其他细节:在Windows(Fedora 16)上针对Windows Active Directory服务器运行.
我知道我能得到验证,如果我设置default_tkt_enctypes,default_tgs_enctypes,在krb5.conf文件permitted_enctypes参数工作; 但是,我想让它在没有文件的情况下工作,理想情况下不必强制使用一个或两个enctype.
这是我得到的错误消息:
java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: Final handshake failed [Caused by GSSException: Token had invalid integrity check (Mechanism level: Corrupt checksum in Wrap token)]]
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at *internal.code*.LDAPAuthenticator.authenticate(LDAPAuthenticator.java:46)
at *internal.code*.LDAPAuthenticatorTest.testUpdateUser(LDAPAuthenticatorTest.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at junit.textui.TestRunner.doRun(TestRunner.java:116)
at com.intellij.junit3.JUnit3IdeaTestRunner.doRun(JUnit3IdeaTestRunner.java:139) …