When connecting to SQL server via keytab warning shown as SPN not available in the keytab file

纵饮孤独 提交于 2019-12-11 16:06:48

问题


I have some doubts regarding generating a keytab file for SQL server kerberos authentication.

SQL server's SPN is:

MSSQLSvc/myhost:1433@MYDOMAIN.COM 

I have created keytab file as:

ktpass -out "C:\Users\myuser\KerberosConf\MSSQL\myappserver.keytab" -princ MSSQLSvc/myhost:1433@MYDOMAIN.COM -mapUser mydomain\myuser-pass Test@123 -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL 

When viewing the keytab it shows the correct SPN as:

[1] Service principal: MSSQLSvc/myhost:1433@MYDOMAIN.COM KVNO: 18 

But while referring the keytab file for authenticating it throws the below error:

Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Users/myuser/KerberosConf/MSSQL/myappserver.keytab refreshKrb5Config is false principal is MSSQLSvc/myhost:1433@MYDOMAIN.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false Key for the principal MSSQLSvc/myhost:1433@MYDOMAIN.COM not available in C:/Users/myuser/KerberosConf/MSSQL/myappserver.keytab 

[Krb5LoginModule] authentication failed Unable to obtain password from user 

javax.security.auth.login.LoginException: Unable to obtain password from user 
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source) 
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source) 
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 

Please kindly help me to resolve this

来源:https://stackoverflow.com/questions/57051842/when-connecting-to-sql-server-via-keytab-warning-shown-as-spn-not-available-in-t

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!