Hi all,

I'm trying to set up a simple (and sample) web application which uses Kerberos as the authentication protocol.

I'm using Apache DS 1.5.1 as KDC. I've created two service principals (krbtgt and a principal which belongs to my target service) and a user principal. I'm using JGSS with Sun's Krb5LoginModule with Java 6. Because I don't know how to export the generated keys for the service principal, I've set a plain text password for my service principal. I've further created a keytab using the Java tool ktab (ktab -a server/[email protected] plaintext password) using the same password as I used when creating the service principal.

When I'm trying to run my application, the client is able to get the TGT and TGS ticket, but on the server side the JGSS context acceptSecContext call fails. The JGSS debug output is: (Mechanism level: Integrity check on decrypted field failed (31)). It seems to me there is something wrong with the keys of the service principal, but as I'm starting with Kerberos I'm not sure what exactly causes the problem.

My question: is there a way (without writing my own tool using LDAP/JNDI) to export generated keys of a service principal from Apache DS to a keytab? Or is there another solution and my approach is wrong?

Thanks in advance,
Andrej
