1. Zuhause
  2. Frage und Antwort
  3. JAAS Auth Kerberos Fehler "java.net.SocketTimeoutException: Empfangen Zeitüberschreitung"

JAAS Auth Kerberos Fehler "java.net.SocketTimeoutException: Empfangen Zeitüberschreitung"

2017-08-24 2 views
0

Ich habe einen Kerberos-Server installiert.JAAS Auth Kerberos Fehler "java.net.SocketTimeoutException: Empfangen Zeitüberschreitung"

# Configuration snippets may be placed in this directory as well 
 
includedir /etc/krb5.conf.d/ 
 

 
[logging] 
 
default = FILE:/var/log/krb5libs.log 
 
kdc = FILE:/var/log/krb5kdc.log 
 
admin_server = FILE:/var/log/kadmind.log 
 

 
[libdefaults] 
 
dns_lookup_realm = false 
 
ticket_lifetime = 24h 
 
renew_lifetime = 7d 
 
forwardable = true 
 
rdns = false 
 
default_realm = SNSPRJ.COM 
 
default_ccache_name = KEYRING:persistent:%{uid} 
 

 
[realms] 
 
# EXAMPLE.COM = { 
 
# kdc = kerberos.example.com 
 
# admin_server = kerberos.example.com 
 
# } 
 
    SNSPRJ.COM = { 
 
    kdc = kerberos.snsprj.com 
 
    admin_server = kerberos.snsprj.com 
 
    } 
 

 

 
[domain_realm] 
 
# .example.com = EXAMPLE.COM 
 
# example.com = EXAMPLE.COM 
 
    .snsprj.com = SNSPRJ.COM 
 
    snsprj.com = SNSPRJ.COM

[kdcdefaults] 
 
kdc_ports = 88 
 
kdc_tcp_ports = 88 
 

 
[realms] 
 
SNSPRJ.COM = { 
 
    #master_key_type = aes256-cts 
 
    acl_file = /var/kerberos/krb5kdc/kadm5.acl 
 
    dict_file = /usr/share/dict/words 
 
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab 
 
    supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal 
 
} 
 
~

In der Kerberos-Client, ich benutze kinit xiaoxiao/[email protected] und es ist sehen ok

[[email protected] ~]# kinit xiaoxiao/[email protected] 
 
Password for xiaoxiao/[email protected]: 
 
[[email protected] ~]# klist 
 
Ticket cache: KEYRING:persistent:0:0 
 
Default principal: xiaoxiao/[email protected] 
 

 
Valid starting  Expires    Service principal 
 
08/24/2017 13:51:18 08/25/2017 13:51:17 krbtgt/[email protected] 
 
[[email protected] ~]#

aber wenn ich JAAS verwenden Kerberos-Server einige Fehlermeldung auth auftreten: java.net.SocketTimeoutException: Receive timed out

ich habe tey telnet 192.168.1.196 88, es ist ok.

bogon:jaas0822 skh$ telnet 192.168.1.196 88 
 
Trying 192.168.1.196... 
 
Connected to bogon. 
 
Escape character is '^]'.

JAAS-Authentifizierung: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html

mein Code:

import javax.security.auth.login.*; 
 
import com.sun.security.auth.callback.TextCallbackHandler; 
 

 
/** 
 
* This JaasAcn application attempts to authenticate a user 
 
* and reports whether or not the authentication was successful. 
 
* 
 
* Created by skh on 2017/8/22. 
 
*/ 
 
public class JaasAcn { 
 
    public static void main(String[] args) { 
 

 
     String path = "/workspace/idea/ssm/src/test/java/com/snsprj/jaas0822/"; 
 

 
     System.setProperty("java.security.auth.login.config", path + "jaas.conf"); 
 

 
//  System.setProperty("java.security.krb5.conf", path + "krb5.conf"); 
 

 
     System.setProperty("java.security.krb5.realm", "SNSPRJ.COM"); 
 

 
     System.setProperty("java.security.krb5.kdc", "kerberos.snsprj.com"); 
 

 
     System.setProperty("java.security.krb5.debug", "true"); 
 

 
     // Obtain a LoginContext, needed for authentication. Tell it 
 
     // to use the LoginModule implementation specified by the 
 
     // entry named "JaasSample" in the JAAS login configuration 
 
     // file and to also use the specified CallbackHandler. 
 
     LoginContext lc = null; 
 
     try { 
 
      lc = new LoginContext("JaasSample", new TextCallbackHandler()); 
 

 
      // attempt authentication 
 
      try { 
 
       lc.login(); 
 
      } catch (LoginException le) { 
 
       le.printStackTrace(); 
 
       System.err.println("Authentication failed:"); 
 
       System.err.println(" " + le.getMessage()); 
 
       System.exit(-1); 
 
      } 
 

 
     } catch (LoginException le) { 
 
      System.err.println("Cannot create LoginContext. " + le.getMessage()); 
 

 
     } catch (SecurityException se) { 
 
      System.err.println("Cannot create LoginContext. " + se.getMessage()); 
 
      System.exit(-1); 
 
     } 
 

 
     System.out.println("Authentication succeeded!"); 
 

 
    } 
 
}

ist etwas, Sorge? Jeder kann mir helfen, denke sehr!

Quelle

2017-08-24 Shane

Antwort

0

Lösung: Einsatz TCP

[libdefaults] 
 
dns_lookup_realm = false 
 
ticket_lifetime = 24h 
 
renew_lifetime = 7d 
 
forwardable = true 
 
rdns = false 
 
default_realm = SNSPRJ.COM 
 
default_ccache_name = KEYRING:persistent:%{uid} 
 
# insert by xiaohb 20170824 start 
 
udp_preference_limit = 1 
 
# insert by xiaohb 20170824 end

Quelle

2017-08-24 10:07:20 Shane

Verwandte Themen

 Verwandte Themen