x509 - Kerberos test using kinit with no password (cert auth) -
i did extensive search before posting q.
we have kerb setup working fine users our internal portal. few users getting following error:
"failed create delegated gssapi token on behalf of http/ssologon.xxx.xxx.xx.com@xxx.xxx.xx.com service@hostname.xxx.xxx.xx.com: minor status=-1765328230, major status=851968, message=cannot find kdc requested realm]"
i can test kerb setup fine server side using kinit using keytab file etc.
issue/q how test same workstations/client pc exhibiting above error.
i use kinit or kinit principal-name prompts password. have disabled passwords authentication , use x509 certs/access card login our pcs/domain.
so, how use kinit or equiv. test kerberos domain workstation using cli , cert authentication.
i have seen kinit -x option not available on jdk1.7/1.8 in win 7 seems. pkinit (mit kerberos) option seems more used web server kdc authentication.
thank in advance , appreciate community's time , effort.
---- additional info 1----
btw, had user purge tickets - klist purge , had try accessing sso site (protected using iwa kerb) , verified issued kerb ticket
5 client: xxjdoe @ xxx.xx.xxx
server: http/ssologon.xxx.xxx.xx.xx @ xxx.xxx.xx.xxx kerbticket encryption type: rsadsi rc4-hmac(nt) ticket flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate start time: 4/7/2017 13:54:59 (local) end time: 4/7/2017 23:54:48 (local) renew time: 4/14/2017 13:54:48 (local) session key type: rsadsi rc4-hmac(nt)
-------- end 1 ---------------
Comments
Post a Comment