Kerberos Troubleshooting

Test the principal name on the Dekho server. This confirms that the Dekho service user was created correctly and that the keytab works as expected.

Step 01> Create the new file:

c:\windows\krb5.ini

Step 02> Insert the following content. Replace the realm (domain name in uppercase) and KDC (domain controller) with the correct values.

[libdefaults]
default_realm = KERB.ESRIAUSTRALIA.COM.AU
dns_lookup_kdc = true
dns_lookup_realm = true
udp_preference_limit = 1

[realms]
KERB.ESRIAUSTRALIA.COM.AU = {
    kdc = KERBDC.KERB.ESRIAUSTRALIA.COM.AU
    default_domain = KERB.ESRIAUSTRALIA.COM.AU
}

Step 03> Open a command prompt and change directory to

C:\Program Files\Java\jre<version>\bin\

Step 04> Run the following command to verify that the user is set up on the domain:

kinit Dekhopc

Password for Dekhopc@MYDOMAIN.COM.AU:
New ticket is stored in cache file:
C:\Documents and Settings\Administrator\krb5cc_Administrator

Step 05> Run the following command to verify that the keytab for the user Dekhopc is correct:

kinit -k -t c:\Dekhoserver.keytab HTTP/Dekhopc.mydomain.com.au

New ticket is stored in cache file:
C:\Documents and Settings\Administrator\krb5cc_Administrator
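
A mistyped realm or KDC in the Step 02 file can make both kinit tests fail for reasons unrelated to the service user or the keytab, so it helps to check the file first. The Python script below is an added example, not part of the Dekho documentation; the function names and the constructed BAD sample are assumptions made for illustration.

```python
# Constructed sample: Step 02 file with a lower-case realm and no kdc line.
BAD = """[libdefaults]
default_realm = kerb.esriaustralia.com.au
[realms]
KERB.ESRIAUSTRALIA.COM.AU = {
default_domain = KERB.ESRIAUSTRALIA.COM.AU
}
"""

def parse_krb5_ini(text):
    """Parse [sections], key = value lines and one level of { } blocks."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1].strip(), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def check_krb5_ini(text):
    """Return a list of deviations from what Step 02 says to fill in."""
    conf = parse_krb5_ini(text)
    realm = conf.get("libdefaults", {}).get("default_realm", "")
    realms = conf.get("realms", {})
    problems = []
    if not realm:
        problems.append("default_realm missing")
    elif realm != realm.upper():
        problems.append("default_realm not uppercase: " + realm)
    # Realm names are case-sensitive, so the block name must match exactly.
    if realm and not isinstance(realms.get(realm), dict):
        problems.append("no [realms] block named exactly " + realm)
    for name, entry in realms.items():
        if isinstance(entry, dict) and not entry.get("kdc"):
            problems.append("realm " + name + " has no kdc")
    return problems

if __name__ == "__main__":
    print(check_krb5_ini(BAD))
```

To check the real file, pass the contents of c:\windows\krb5.ini to check_krb5_ini; an empty list means the realm and KDC entries are consistent with Step 02.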


LDAP Authorisation with Kerberos Troubleshooting