java - KDC - where do we get the server from?

Tags java active-directory ldap kerberos gssapi

I am trying to perform Kerberos authentication using Java.

I have enabled debugging.

When trying to connect to LDAP using the TGT, I get (server names have been changed):

getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
Found ticket for user@SUB.MYSERVER.COM to go to krbtgt/SUB.MYSERVER.COM@SUB.MYSERVER.COM expiring on Sat Dec 01 02:11:14
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 16 3 1.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KdcAccessibility: reset
getKDCFromDNS using UDP
>>> KrbKdcReq send: kdc=server123.myserver.com. UDP:88, timeout=30000, number of retries =3, #bytes=1542
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=1, #bytes=1542
SocketTimeOutException with attempt: 1
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=2, #bytes=1542
SocketTimeOutException with attempt: 2
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=3, #bytes=1542
SocketTimeOutException with attempt: 3
>>> KrbKdcReq send: error trying server123.myserver.com.
java.net.SocketTimeoutException: Receive timed out
        at java.net.DualStackPlainDatagramSocketImpl.socketReceiveOrPeekData(Native Method)
        at java.net.DualStackPlainDatagramSocketImpl.receive0(Unknown Source)
        at java.net.AbstractPlainDatagramSocketImpl.receive(Unknown Source)
        at java.net.DatagramSocket.receive(Unknown Source)
        at sun.security.krb5.internal.UDPClient.receive(Unknown Source)
        at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
        at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.krb5.KdcComm.send(Unknown Source)
        at sun.security.krb5.KdcComm.send(Unknown Source)
        at sun.security.krb5.KdcComm.send(Unknown Source)
        at sun.security.krb5.KrbTgsReq.send(Unknown Source)
        at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
        at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
        at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
        at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
        at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
        at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
        at myApp.JndiAction.performJndiOperation(MyTest.java:577)
        at myApp.JndiAction.run(MyTest.java:551)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Unknown Source)
        at myApp.MyTest.main(MyTest.java:489)
>>> KdcAccessibility: add server123.myserver.com.

My questions are:

  1. Where does the KDC server (server123.myserver.com) come from?

  2. Can I change it?

Thanks.

Best answer

If you are not on a Windows platform, look for the krb5.conf file. It has a [realms] section in which the realm and its associated KDC(s) are given.

[realms]
        YOURDOMAIN.com = {
                kdc = dc1.yourdomain.com
        }

As Michael-O pointed out, on the Windows platform there are specific DNS records for this.
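To make the answer concrete, here is an added example (not code from the question or the answer) that checks the three places the JDK Kerberos client takes a KDC from, in the order it consults them: the java.security.krb5.kdc / java.security.krb5.realm system properties, the [realms] section of krb5.conf, and the _kerberos._udp / _kerberos._tcp SRV records that the "getKDCFromDNS" line in the question's trace corresponds to. The realm SUB.MYSERVER.COM is the placeholder realm from the question's log, and the krb5.conf path /etc/krb5.conf is an assumed default; both can be overridden on the command line.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Reports where the JDK Kerberos client would get its KDC from (added example, not the JDK's own code). */
public class KdcWhereFrom {

    /** 1. System properties override krb5.conf and DNS; they must be set with -D before any Kerberos class loads. */
    static void printPropertyOverrides() {
        for (String p : new String[] {"java.security.krb5.realm", "java.security.krb5.kdc", "java.security.krb5.conf"}) {
            System.out.println(p + " = " + System.getProperty(p, "(unset)"));
        }
    }

    /** 2. krb5.conf: return every "kdc = ..." value inside the [realms] block for the given realm. */
    static List<String> kdcsFromKrb5Conf(Path conf, String realm) throws IOException {
        List<String> kdcs = new ArrayList<>();
        boolean inRealms = false, inRealm = false;
        for (String raw : Files.readAllLines(conf)) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) continue;
            if (line.startsWith("[")) {                       // a new section header
                inRealms = line.equalsIgnoreCase("[realms]");
                inRealm = false;
                continue;
            }
            if (!inRealms) continue;
            int eq = line.indexOf('=');
            if (!inRealm) {
                // "SUB.MYSERVER.COM = {" opens the block for one realm (realm names compare case-insensitively here)
                if (eq > 0 && line.endsWith("{") && line.substring(0, eq).trim().equalsIgnoreCase(realm)) inRealm = true;
            } else if (line.startsWith("}")) {
                inRealm = false;
            } else if (eq > 0 && line.substring(0, eq).trim().equalsIgnoreCase("kdc")) {
                kdcs.add(line.substring(eq + 1).trim());
            }
        }
        return kdcs;
    }

    /** 3. DNS: the SRV lookup the JDK falls back to (dns_lookup_kdc) when nothing above names a KDC. */
    static List<String> kdcsFromDns(String realm, String proto) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        DirContext ctx = new InitialDirContext(env);
        List<String> records = new ArrayList<>();  // each entry reads "priority weight port target."
        try {
            Attributes attrs = ctx.getAttributes("_kerberos._" + proto + "." + realm, new String[] {"SRV"});
            Attribute srv = attrs.get("SRV");
            if (srv != null) {
                for (int i = 0; i < srv.size(); i++) records.add(String.valueOf(srv.get(i)));
            }
        } finally {
            ctx.close();
        }
        return records;
    }

    public static void main(String[] args) throws Exception {
        String realm = args.length > 0 ? args[0] : "SUB.MYSERVER.COM";       // placeholder realm from the question's log
        Path conf = Paths.get(args.length > 1 ? args[1] : "/etc/krb5.conf");  // assumed default location
        printPropertyOverrides();
        if (Files.exists(conf)) {
            System.out.println("krb5.conf [realms] " + realm + " kdc = " + kdcsFromKrb5Conf(conf, realm));
        } else {
            System.out.println("no krb5.conf at " + conf + " -> JDK falls through to DNS");
        }
        for (String proto : new String[] {"udp", "tcp"}) {
            String name = "_kerberos._" + proto + "." + realm;
            try {
                System.out.println("DNS SRV " + name + " = " + kdcsFromDns(realm, proto));
            } catch (NamingException e) {
                System.out.println("DNS SRV " + name + " lookup failed: " + e);
            }
        }
    }
}
```

Run it as `java KdcWhereFrom SUB.MYSERVER.COM /etc/krb5.conf`. If the SRV query returns server123.myserver.com while the property and krb5.conf checks print nothing, that is where the host in the trace came from, and any of the three sources can change it: `-Djava.security.krb5.realm=SUB.MYSERVER.COM -Djava.security.krb5.kdc=dc1.sub.myserver.com` on the command line, a `kdc =` line in [realms], or the SRV record itself. The repeated `SocketTimeOutException` on UDP:88 in the trace is the symptom of a KDC that is unreachable on that port; if UDP 88 is filtered but TCP 88 is open, setting `udp_preference_limit = 1` in the [libdefaults] section of krb5.conf makes the JDK use TCP from the first attempt.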

For "java - KDC - where do we get the server from?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/13680959/
