I've got a problem with a connection using Kerberos authentication. If I use the Linux kinit with my custom KRB5.conf (connecting to a Windows Kerberos AD), everything works smoothly.

kinit -kVt <MYKEYTAB> <MY_PRINC> -v
keytab specified, forcing -k
Using default cache: /tmp/krb5cc_11574
Using principal: HTTP/<MY_PRINC>@MBID.CZ
Using keytab: <MYKEYTAB>
Authenticated to Kerberos v5

After that I can smoothly use curl to authenticate against the web application that has registered my user name:

curl -kLv -i --negotiate -u: "https://someserver/someapi/someoperation"

And I get the desired response.

BUT if I use the Java kinit tool from the JDK (the same problem occurs in code), it says that I have a problem.

kinit -J-Dsun.security.krb5.debug=true -J-D"java.security.krb5.conf=<KRB5_CONF_LOCATION>" -t <MYKEYTAB> <MY_PRINC>

The problem is:

>>>KRBError:
     sTime is Thu Feb 27 07:14:38 CET 2020 1582784078000
     suSec is 280585
     error code is 25
     error Message is Additional pre-authentication required
     sname is krbtgt/<DOMAIN>@<DOMAIN>
     eData provided.
     msgType is 30
>>>Pre-Authentication Data:
         PA-DATA type = 19
         PA-ETYPE-INFO2 etype = 18, salt = SALT_FROM_PRINC, s2kparams = null

which leads to 401 Unauthorized when I try to authenticate against the server "https://someserver/someapi/someoperation"

Both kinits use exactly the same keytab, principal and krb5.config file; only the Unix one works.

Thanks a lot!

Miki93