ID #1333

Keytab won't work with (IBM) Java

Problem: Some versions of (IBM) Java do not work properly with an imported keytab

You will most likely get error messages like:
# java com.ibm.security.krb5.internal.tools.Ktab -k /root/ibmkvno1.keytab -l
The format of key table /root/ibmkvno1.keytab is incorrect. 


# java com.ibm.security.krb5.internal.tools.Ktab -k /root/ibmkvno1.keytab -l
Empty keytab, name /root/ibmkvno1.keytab

(IBM) Java expects the keytab to contain a key with a key version number (kvno) of 0 (Microsoft Active Directory always exports keys with kvno 0). Keytabs generated by UCS or manually (as described in SDB#1275) usually contain higher key version numbers, because the number is increased whenever a new key is generated (e.g. when the account's password changes).


Solution: Modify the keytab to force the kvno to be 0

We created a tool for this special task - you'll find it attached here.

With the help of this tool you can simply recreate the keytab so that it will start with kvno 0 - for example:
python univention-keytab-copy.py -k /root/ibmkvno1.keytab -o /root/ibmkvno0.keytab 

attached files: univention-keytab-copy.py
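
To check which kvno values a keytab actually carries before and after the conversion, the following added example (not the attached Univention tool, and not code from the original article) parses a keytab and lists principal, kvno and enctype per entry. It assumes the MIT keytab file format version 0x0502; all function names and the sample entry are constructed for illustration.

```python
import struct

def _counted(data, p):
    """Read a 16-bit length-prefixed octet string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def list_keytab(data):
    """Return [(principal, kvno, enctype)] for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:              # defensive stop: nothing more to read
            break
        if size < 0:               # negative size marks a deleted slot; skip it
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)   # key material is skipped, never returned
        if end - p >= 4:           # optional 32-bit kvno wins over the 8-bit one if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
        pos = end
    return entries

def nonzero_kvno(data):
    """Entries whose kvno is not 0 (the value the article says (IBM) Java expects)."""
    return [e for e in list_keytab(data) if e[1] != 0]

def sample_entry(kvno):
    """Constructed entry for HTTP/host.example.test@EXAMPLE.TEST with a dummy key."""
    c = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + c(b"EXAMPLE.TEST") + c(b"HTTP") + c(b"host.example.test")
            + struct.pack(">IIBH", 1, 0, kvno & 0xFF, 18) + c(b"\x00" * 32)
            + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + sample_entry(3) + sample_entry(0)   # constructed keytab
```

For a real file, pass its bytes in, e.g. nonzero_kvno(open("/root/ibmkvno0.keytab", "rb").read()); an empty list means every entry has kvno 0. A keytab holds long-term keys, so keep the file readable only by the service account.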

Tags: UCS 4

Last update: 2015-06-02 10:57
Author: Tim Petersen
Revision: 1.2