In this section: |
This section provides several troubleshooting tips for Kerberos.
The krb5.conf file is used to describe the Kerberos realm to be used for authentication and the location of the Key Distribution Center (KDC). This file has the following structure:
[libdefaults] default_realm = MYCOMPANY.COM udp_preference_limit = 1 [realms] MYCOMPANY.COM = { kdc = MYREALM.MYCOMPANY.COM } [domain_realms] .MYCOMPANY.com=MYCOMPANY.COM MYCOMPANY.com=MYCOMPANY.COM
In this example, the Kerberos realm is MYCOMPANY.com and the KDC is located at MYREALM.MYCOMPANY.COM. Additional mapping information is provided in the [domain_realms} section.
The login.conf file is used to configure the authentication mechanism used by Java Authentication and Authorization Service (JAAS). This file has the following structure:
iWayHttpClient { com.sun.security.auth.module.Krb5LoginModule required // debug=true useKeyTab=true storeKey=true doNotPrompt=false; };
In this example, iWayHttpClient is the name to be used by all iWay applications (for example, iSM). The com.sun.security.auth.module.Krb5LoginMobile entry instructs iSM to use the Kerberos 5 login module. If you want to debug the Kerberos authentication process, then uncomment the debug=true statement.
You may encounter a "Could not load configuration file c:\Windows\krb5.ini (the system cannot find the file specified)" error message. For example:
[2011-11-16T12:37:40.998Z] ERROR (W.Retrieve_CRMChannel.1) W.Retrieve_CRMChannel.1: [RequestTargetAuthentication - process()] - Authentication error: Invalid name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified))
The following workarounds are available to resolve this error:
iWay Software |