Unable to upload AES keys with the Kerberos Management Plugin

  • 7004223
  • 17-Aug-2009
  • 26-Apr-2012

Environment

Novell iManager 2.7

Situation

The following error is received when trying to import a keytab file that contains an AES 256-bit encryption key using the Kerberos Management Plug-in:

ImportKey Failed: Verify the PrincipalName: The Name given should be same as
the pricipal name in the key & make sure you are giving the valid Keyfile path
while setting password for Principal ldap/edir01.novell.com@NOVELL.COM



Resolution

The import fails with keytabs that contain AES 256 keys because AES256 is not enabled in the JRE. Download and install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from http://java.sun.com/javase/downloads/index_jdk5.jsp. Use the following steps to extract the contents of jce_policy-1_5_0.zip to the JDK library that iManager is using:

1) Stop Tomcat
2) Extract jce_policy-1_5_0.zip to the JDK library that iManager is using.
   a. /opt/novell/jdk1.6.0_13/jre/lib/security for iManager Server
   b. <iManager Mobile Unpack Area>/imanager/bin/linux/java/jre/lib/security for iManager mobile
3) Restart Tomcat
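
To confirm that the policy files landed in the JRE iManager actually runs on, the following added check (not part of the original TID or of any Novell tooling; the class name JcePolicyCheck is hypothetical) asks the JRE for its AES key-length limit and then tries to initialise a cipher with a 256-bit key. Compile and run it with the javac and java binaries of the same JDK that iManager uses, so that the reported java.home matches the directory from step 2.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: reports whether the running JRE permits AES-256.
public class JcePolicyCheck {

    // True when the installed jurisdiction policy allows 256-bit AES keys.
    // The limited policy caps AES at 128; the unlimited policy reports Integer.MAX_VALUE.
    static boolean policyAllowsAes256() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // Confirms the policy answer by actually initialising a cipher with a 256-bit key.
    static boolean canInitAes256() throws Exception {
        byte[] key = new byte[32]; // constructed all-zero test key, never used for real data
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            // The limited policy rejects the key here ("Illegal key size ...").
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which JRE was checked; it must be the one iManager runs on.
        System.out.println("java.home      : " + System.getProperty("java.home"));
        System.out.println("java.version   : " + System.getProperty("java.version"));
        System.out.println("max AES length : " + Cipher.getMaxAllowedKeyLength("AES"));

        boolean ok = policyAllowsAes256() && canInitAes256();
        System.out.println(ok
            ? "AES-256 is enabled in this JRE."
            : "AES-256 is NOT enabled; the policy files are missing from this JRE's lib/security.");
        System.exit(ok ? 0 : 1);
    }
}
```

If java.home points at a different JRE than the one listed in step 2, the result says nothing about iManager; rerun the check with the correct JDK.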


Additional Information

Make sure you are using the latest version of the Kerberos Management iManager Plug-in.