I am trying to follow this tutorial for spring-security-kerberos
I have keytab with one main in it:
ktutil: rkt http-web.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM
This keytab command was generated on the win2k8 domain controller using this command:
ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM /pass *
which was copied over the test web server used in spnego.xml:
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
<property name="servicePrincipal" value="HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM" />
<property name="keyTabLocation" value="/WEB-INF/http-web.keytab" />
<property name="debug" value="true" />
</bean>
but cannot find the principal:
Key for the principal HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM not available in
jndi:/localhost/spring-security-kerberos-sample-1.0.0.CI-SNAPSHOT/WEB-INF/http-web.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user
I tried joining a web server (Centos 5.5, tomcat6) to AD WAD.ENG.HYTRUST.COM and logging in using AD credentials, and then using the principal from / etc / krb 5.keytab just to see if he read ... the same answer. I also tried many options in upper and lower case names.
ps checked this with git this morning.