Kerberos authentication fails with SPNEGO/Kerberos

  • 7008880
  • 22-Jun-2011
  • 26-Apr-2012

Environment

Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 applied

Situation

When tomcat starts and intializes the kerberos config just fine and they get the required "Commit Succeeded" message, but when they attempt to access a protected resource using the configured kerberos contract they get the following error in the catalina.out....

Entered Krb5Context.acceptSecContext with state=STATE_NEW
<amLogEntry> 2011-03-09T15:45:12Z SEVERE NIDS Application: AM#200104101: AMDEVICEID#1616109A9A6B5489: AMAUTHID#C68F9C615E51B818499FD39BD3424D79: Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) </amLogEntry>

Resolution

Customer used the ktab utility to create the keytab file.
The documentation states this should be done with the ktpass utility.
For more information see the following link:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6984764