Kerberos doesn't work, no token in response header


We are trying to set up Kerberos. Initially we had to initialize with kinit for the authentication to work. We have created our principals like everyone else on the team. Now, all of a sudden, three users are not able to get Kerberos working. Because we are all developers, our machines need to act as servers, so we have principals created for every machine.

The weird thing is that it worked for everyone at the beginning, and now it is working only for a few. We are able to see our keytab names in klist.

This is how we created the keytabs:

C:\Windows\system32>ktpass -princ HTTP/<complete system name>@<domain> -pass <password> -mapuser <keytab_filename>@<domain> -ptype krb5_nt_principal -kvno 0 -out c:\keytabs\<keytab_filename>
Targeting domain controller: <domain server>.<domain>
Successfully mapped HTTP/<complete system name> to <keytab_filename>.
Password succesfully set!
Key created.
Output keytab to c:\keytabs\<keytab_filename>:
Keytab version: 0x502
keysize 84 HTTP/<complete_system_name>@<domain> ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x17 (RC4-HMAC) keylength 16 (some hash number)

The only difference I can see (between the machine where Kerberos works and the machines where it does not) is that the response headers have authorization with Negotiate, but the response headers are not responding with a token. We are not able to figure out what the issue is.

Pragma: no-cache
Connection: keep-alive
Content-Length: 71
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Fri, 30 Jun 2017 20:18:06 GMT
Expires: 0
Server: JBoss-EAP/7
WWW-Authenticate: Negotiate
X-Powered-By: Undertow/1

I made sure that the browser is using kerberos with this

Any help is greatly appreciated.

Best answer

My application was missing the jboss security negotiation dependency in the web module.

<jboss-deployment-structure>
  <deployment>
    <dependencies>
      <module name="org.jboss.security.negotiation"/>
    </dependencies>
  </deployment>
</jboss-deployment-structure>

Once this dependency was added, the Kerberos ticket started to appear in the requests and responses.
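
For anyone triaging the same symptom, the following is an added example (not part of the original question or answer) that classifies a captured request/response pair by what the Negotiate headers actually carry. The function names and result labels are hypothetical, and the request token is constructed for illustration; only the response headers come from the question.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                            # NTLM message signature
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2

def parse_headers(raw):
    headers = {}  # lower-cased name -> value, last occurrence wins
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def negotiate_token(value):
    """Token bytes; b'' for a bare 'Negotiate'; None for other schemes."""
    parts = (value or "").split(None, 1)
    if not parts or parts[0].lower() != "negotiate":
        return None
    if len(parts) == 1:
        return b""
    try:
        return base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None

def token_kind(token):
    if token.startswith(NTLMSSP):
        return "ntlm"
    head = token[:16]  # GSS-API framing: 0x60, length, then the mechanism OID
    if head[:1] == b"\x60" and (SPNEGO_OID in head or KRB5_OID in head):
        return "kerberos"
    return "unknown"

def diagnose(request_raw, response_raw):
    req = negotiate_token(parse_headers(request_raw).get("authorization"))
    resp = negotiate_token(parse_headers(response_raw).get("www-authenticate"))
    if resp is None:
        return "no-negotiate-offer"
    if resp:
        return "server-token-present"
    if not req:
        return "challenge-only"          # client has not sent a token yet
    return "client-" + token_kind(req) + "-unanswered"

# Response headers as posted in the question; the request token is constructed.
PAGE_RESPONSE = "Server: JBoss-EAP/7\nWWW-Authenticate: Negotiate\n"
SAMPLE_REQUEST = "Authorization: Negotiate " + base64.b64encode(
    b"\x60\x82\x01\x00" + SPNEGO_OID + b"\x00" * 8).decode()
```

A result of client-ntlm-unanswered usually points at the client side (SPN, keytab or browser settings), while client-kerberos-unanswered points at the server not processing the token, which is the case the answer above describes.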