
kinit error - Tm1web SSO with Kerberos authentication

Posted: Wed Nov 20, 2019 12:45 pm
by kavitha2002
Hello Everyone,

One of our customers would like to have SSO for tm1web on mode 3. I am working on setting up the Kerberos authentication for tm1web for SSO in my local environment.

Followed the below link for reference:
https://www.ibm.com/support/knowledgece ... pnego.html

But the kinit command

>kinit -k -t -J-Dcom.ibm.security.krb5.Krb5Debug=all ..\..\krb5.keytab HTTP/host.xyzdomain.local

throws this error:

[KRB_DBG_KDC] KdcComm: main: >>> KdcAccessibility: remove xyzdomain.local: 88
[KRB_DBG_CFG] KDCRep: main: >>> KDCRep: init () encoding tag is 126 req type is 11
[KRB_DBG_KDC] KRBError: main: >>> KRBError:
[KRB_DBG_KDC] KRBError: main: sTime is Tue Nov 19 14:48:30 CET 2019 1574171310000
[KRB_DBG_KDC] KRBError: main: suSec is 956052
[KRB_DBG_KDC] KRBError: main: error code is 14
[KRB_DBG_KDC] KRBError: main: error The message is KDC does not support the encryption type
[KRB_DBG_KDC] KRBError: main: sname is krbtgt/XYZDOMAIN.LOCAL@XYZDOMAIN.LOCAL
[KRB_DBG_KDC] KRBError: main: eData is provided.
[KRB_DBG_KDC] KRBError: main: msgType is 30
[KRB_DBG_KDC] KRBError: main: Unknown eData field of KRB ERROR:
0000: 30 21 30 09 a1 03 02 01 02 a2 02 04 00 30 09 a1 0.0 .......... 0 ..
0010: 03 02 01 10 a2 02 04 00 30 09 a1 03 02 01 0f a2 ........ 0 .......
0020: 02 04 00 ...

com.ibm.security.krb5.KrbException, status code: 14
        Message: KDC does not support the encryption type

Does anybody have any idea/suggestion on how to solve the problem?

Thanks buddies.
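The bytes the debug log above labels "Unknown eData field" parse as RFC 4120 METHOD-DATA (a sequence of PA-DATA entries), so they carry pre-authentication type hints and no list of encryption types. This decoder is an added example, not part of the original post; the input is re-typed from the hex dump, and the function names are hypothetical.

```python
# Added example: decode the KRB-ERROR e-data from the debug log in the post.
# Constructed input: the 35 bytes below are re-typed from the posted hex dump.
EDATA_HEX = (
    "30 21 30 09 a1 03 02 01 02 a2 02 04 00 30 09 a1 "
    "03 02 01 10 a2 02 04 00 30 09 a1 03 02 01 0f a2 "
    "02 04 00"
)

# padata-type numbers from RFC 4120 section 7.5.2 (only the ones seen here).
PADATA_NAMES = {2: "PA-ENC-TIMESTAMP", 15: "PA-PK-AS-REP_OLD", 16: "PA-PK-AS-REQ"}


def read_tlv(buf, pos, want_tag):
    """Read one DER element at pos, check its tag, return (value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def decode_method_data(raw):
    """Decode METHOD-DATA ::= SEQUENCE OF PA-DATA into (type, value) pairs."""
    body, end = read_tlv(raw, 0, 0x30)
    if end != len(raw):
        raise ValueError("trailing bytes after METHOD-DATA")
    entries, pos = [], 0
    while pos < len(body):
        entry, pos = read_tlv(body, pos, 0x30)       # one PA-DATA
        type_field, nxt = read_tlv(entry, 0, 0xA1)   # padata-type  [1] Int32
        number, _ = read_tlv(type_field, 0, 0x02)
        value_field, _ = read_tlv(entry, nxt, 0xA2)  # padata-value [2] OCTET STRING
        octets, _ = read_tlv(value_field, 0, 0x04)
        entries.append((int.from_bytes(number, "big", signed=True), octets))
    return entries


def describe(raw):
    """Name each padata-type, falling back to the bare number."""
    return [PADATA_NAMES.get(t, f"padata-type {t}") for t, _ in decode_method_data(raw)]


if __name__ == "__main__":
    for name in describe(bytes.fromhex(EDATA_HEX)):
        print(name)
```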

Re: kinit error - Tm1web SSO with Kerberos authentication

Posted: Wed Nov 20, 2019 7:23 pm
by a1m80t
This can be a lot of things but I can vaguely remember two things that did:
1. On the Account tab in Active Directory, I believe the user name should be something like HTTP/username.domain
When you create the SPN this is automatically done, but sometimes it doesn't work right for whatever reason.

2. Double-check the case sensitivity of everything. I believe there are a few mistakes on the IBM blog post but you can Google generic instructions for proper case settings.

Additionally, if you follow the IBM guide exactly, you will have some minor errors during the kinit step but it will still work.