[Freeipa-users] Authentication Failure from Java - LoginException PREAUTH_FAILED
Rob Crittenden
rcritten at redhat.com
Fri Jun 1 14:49:26 UTC 2012
Darran Lofthouse wrote:
> On 05/31/2012 03:17 PM, Simo Sorce wrote:
>> Darran,
>> I think you may need to download "Java Cryptography Extension (JCE)
>> Unlimited Strength Jurisdiction Policy Files 7"
>> See here:
>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
>>
>>
>> Apparently AES is not fully supported unless you have the JCE which is
>> not distributed by default due to restrictions on export as far as I can
>> understand.
>
> Thank you for your reply Simo, I have actually been testing this both
> with and without the unlimited strength policy - the error message is
> the same in both cases, the only difference is that without the policy
> in place aes128 is selected instead of aes256.
>
>> If you prefer to restrict your self to rc4-hmac, see the ipa-getkeytab
>> man page on how to explicitly request a set of enctypes on a new keytab.
>> Please remember that running ipa-getkeytab will invalidate your previous
>> keys.
>
> Also to clarify at this stage I am supplying a username and password in
> the client - I wanted to get that working first before switching it to a
> keytab.
You might want to check the KDC logs to see if it has any more details
on the failure.
rob
More information about the Freeipa-users
mailing list