我在 JAVA 5 中成功使用 GSSAPI。在 JAVA 6 和 7 中,InitialLdapContext 调用失败,并显示以下堆栈跟踪:
>>>KRBError:
sTime is Fri Jun 14 13:40:01 CEST 2013 1371210001000
suSec is 948732
error code is 7
error Message is Server not found in Kerberos database
realm is DE.XXX.NET
sname is ldap/yyy.de.xxx.net
msgType is 30
KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at kerberos.UserRoles2.getUserRoles(UserRoles2.java:27)
at kerberos.Server$2.run(Server.java:240)
at kerberos.Server$2.run(Server.java:1)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at kerberos.Server.getRoles(Server.java:233)
at kerberos.Server.main(Server.java:95)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
... 29 more
Problem searching directory: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
有人知道 Java 6 或 7 出了什么问题吗?
ktab文件是用jre 7的ktab工具创建的。
"c:\Program Files\Java\jre7\bin\ktab.exe"-a user@DOMAIN.DE 密码 -k my.keytab -n 0 "c:\Program Files\Java\jre7\bin\ktab.exe"-a Service/host@DOMAIN.DE 密码 -k my.keytab -n 0
Windows Server 2008 Activity 目录
请记住:如果我使用 Java 5,InitialLdapContext 调用将按预期工作。
提前致谢
迈克尔
最佳答案
问题已解决。
我为 ldap_url 属性使用了别名 dns 名称。在 Java 1.5 中,别名 dns 名称已解析为真实 dns 名称。在 Java 1.6 和 1.7 中,不会发生解析。
更改为真实的 DNS 名称解决了问题。
关于java - Java 6 和 Java 7 中的 InitialLdapContext 失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17655448/