Hi
I've used a famous guide
Followed all steps. When I ran kinit and klist I got success messages.
However, when trying to run APEX I hit a 401 error.
The logs look like this, with nothing more about the failure. Anyone got some ideas?
>>> KeyTabInputStream, readName(): company.com
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): apex-dev
>>> KeyTab: load() entry length: 58; type: 23
Looking for keys for: HTTP/apex-dev@company.com
Java config name: /apps/tomcat/apache-tomcat-7.0.70/krb5.conf
Loaded from Java config
Added key: 23version: 9
>>> KdcAccessibility: reset
Looking for keys for: HTTP/apex-dev@company.com
Added key: 23version: 9
default etypes for default_tkt_enctypes: 17 23 16.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=AUTH.company.com UDP:88, timeout=30000, number of retries =3, #bytes=137
>>> KDCCommunication: kdc=AUTH.company.com UDP:88, timeout=30000,Attempt =1, #bytes=137
>>> KrbKdcReq send: #bytes read=175
>>>Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23, salt =
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
>>> KdcAccessibility: remove AUTH.company.com
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Wed Sep 14 19:22:18 BST 2016 1473877338000
suSec is 512389
error code is 25
error Message is Additional pre-authentication required
sname is krbtgt/company.com@company.com
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23, salt =
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
default etypes for default_tkt_enctypes: 17 23 16.
Looking for keys for: HTTP/apex-dev@company.com
Added key: 23version: 9
Looking for keys for: HTTP/apex-dev@company.com
Added key: 23version: 9
default etypes for default_tkt_enctypes: 17 23 16.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=AUTH.company.com UDP:88, timeout=30000, number of retries =3, #bytes=219
>>> KDCCommunication: kdc=AUTH.company.com UDP:88, timeout=30000,Attempt =1, #bytes=219
>>> KrbKdcReq send: #bytes read=90
>>> KrbKdcReq send: kdc=AUTH.company.com TCP:88, timeout=30000, number of retries =3, #bytes=219
>>> KDCCommunication: kdc=AUTH.company.com TCP:88, timeout=30000,Attempt =1, #bytes=219
>>>DEBUG: TCPClient reading 1598 bytes
>>> KrbKdcReq send: #bytes read=1598
>>> KdcAccessibility: remove AUTH.company.com
Looking for keys for: HTTP/apex-dev@company.com
Added key: 23version: 9
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/apex-dev
Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
Found KeyTab /apps/tomcat/apache-tomcat-7.0.70/conf/tomcat.keytab for HTTP/apex-dev@company.com
Found KeyTab /apps/tomcat/apache-tomcat-7.0.70/conf/tomcat.keytab for HTTP/apex-dev@company.com
Found ticket for HTTP/apex-dev@company.com to go to krbtgt/company.com@company.com expiring on Thu Sep 15 05:22:18 BST 2016