[Freeipa-users] Authentication Failure from Java - LoginException PREAUTH_FAILED
Darran Lofthouse
darran.lofthouse at jboss.com
Thu May 31 14:37:01 UTC 2012
On 05/31/2012 03:17 PM, Simo Sorce wrote:
> Darran,
> I think you may need to download "Java Cryptography Extension (JCE)
> Unlimited Strength Jurisdiction Policy Files 7"
> See here:
> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
>
> Apparently AES is not fully supported unless you have the JCE which is
> not distributed by default due to restrictions on export as far as I can
> understand.
Thank you for your reply Simo, I have actually been testing this both
with and without the unlimited strength policy - the error message is
the same in both cases, the only difference is that without the policy
in place aes128 is selected instead of aes256.
> If you prefer to restrict your self to rc4-hmac, see the ipa-getkeytab
> man page on how to explicitly request a set of enctypes on a new keytab.
> Please remember that running ipa-getkeytab will invalidate your previous
> keys.
Also to clarify at this stage I am supplying a username and password in
the client - I wanted to get that working first before switching it to a
keytab.
>
>
> HTH.
>
> Simo.
>
More information about the Freeipa-users
mailing list