Java を使用して kerberos 認証を実行しようとしています。
デバッグを有効にしました。
tgt を使用して LDAP に接続しようとすると、次のようになります (サーバー名が変更されました)。
getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
Found ticket for user@SUB.MYSERVER.COM to go to krbtgt/SUB.MYSERVER.COM@SUB.MYSERVER.COM expiring on Sat Dec 01 02:11:14
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
getRealmFromDNS: trying srv1.myserver.com
getRealmFromDNS: trying srv2.myserver.com
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 16 3 1.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KdcAccessibility: reset
getKDCFromDNS using UDP
>>> KrbKdcReq send: kdc=server123.myserver.com. UDP:88, timeout=30000, number of retries =3, #bytes=1542
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=1, #bytes=1542
SocketTimeOutException with attempt: 1
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=2, #bytes=1542
SocketTimeOutException with attempt: 2
>>> KDCCommunication: kdc=server123.myserver.com. UDP:88, timeout=30000,Attempt=3, #bytes=1542
SocketTimeOutException with attempt: 3
>>> KrbKdcReq send: error trying server123.myserver.com.
java.net.SocketTimeoutException: Receive timed out
at java.net.DualStackPlainDatagramSocketImpl.socketReceiveOrPeekData(Native Method)
at java.net.DualStackPlainDatagramSocketImpl.receive0(Unknown Source)
at java.net.AbstractPlainDatagramSocketImpl.receive(Unknown Source)
at java.net.DatagramSocket.receive(Unknown Source)
at sun.security.krb5.internal.UDPClient.receive(Unknown Source)
at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KrbTgsReq.send(Unknown Source)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at myApp.JndiAction.performJndiOperation(MyTest.java:577)
at myApp.JndiAction.run(MyTest.java:551)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at myApp.MyTest.main(MyTest.java:489)
>>> KdcAccessibility: add server123.myserver.com.
私の答えは次のとおりです。
kdc サーバー (server123.myserver.com) を取得した場所は?
変更できますか?
ありがとう。