1 Reply Latest reply: Apr 25, 2013 6:21 AM by Weijun RSS

    SSO not working: "Do not have keys of types listed in default_tkt_enctypes"

    1002280
      Hi,

      this drives me crazy! :-( Since one week I'm trying to get SSO work. I reinstall the whole Windows Server several times. I tried Windows Server 2008 R2 and Windows Server 2012. I installed them in a Virtual Box VM. I only installed Active Directoy (incl. DNS) and then I'm trying to get SSO work.

      So I installed Openfire (3.7.x and also 3.8.x). I tried the included Java version of Openfire and also the latest version of Java.

      I used this tutorial: http://community.igniterealtime.org/docs/DOC-1060
      And also this one: http://community.igniterealtime.org/docs/DOC-1362

      When I call: kinit xmpp/servername.mydomain@REALM -t -k xmpp.keytab I alway get the following error:

      Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes
      available; only have keys of following type: No error
      KrbException: Do not have keys of types listed in default_tkt_enctypes available
      ; only have keys of following type:
      at sun.security.krb5.internal.crypto.EType.getDefaults(Unknown Source)
      at sun.security.krb5.KrbAsReqBuilder.build(Unknown Source)
      at sun.security.krb5.KrbAsReqBuilder.send(Unknown Source)
      at sun.security.krb5.KrbAsReqBuilder.action(Unknown Source)
      at sun.security.krb5.internal.tools.Kinit.<init>(Unknown Source)
      at sun.security.krb5.internal.tools.Kinit.main(Unknown Source)

      Why is no type listed in the error message?

      If I open my xmpp.keytab with ktab it shows the xmpp principal, so the keytab file seems to be correct.

      I don't know what to do know, because I can't find any solution for this error with Google, etc.

      Best regards,
      Sascha