Environment
Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 applied
Novell Access Management 3.1 Support Pack 3 applied
Situation
When tomcat starts and intializes the kerberos config just fine and they get the required "Commit Succeeded" message, but when they attempt to access a protected resource using the configured kerberos contract they get the following error in the catalina.out....
Entered Krb5Context.acceptSecContext with state=STATE_NEW
<amLogEntry> 2011-03-09T15:45:12Z SEVERE NIDS Application: AM#200104101: AMDEVICEID#1616109A9A6B5489: AMAUTHID#C68F9C615E51B818499FD39BD3424D79: Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) </amLogEntry>
<amLogEntry> 2011-03-09T15:45:12Z SEVERE NIDS Application: AM#200104101: AMDEVICEID#1616109A9A6B5489: AMAUTHID#C68F9C615E51B818499FD39BD3424D79: Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) </amLogEntry>
Resolution
Customer used the ktab utility to create the keytab file.
The documentation states this should be done with the ktpass utility.
The documentation states this should be done with the ktpass utility.
For more information see the following link:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6984764
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6984764