"Exception: krb_error 41 Message stream modified (41) message stream modified" while running 'kinit' command during Spotfire server Kerberos setup.
Article ID: KB0075707
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
This article will explain the root cause and solution to resolve the below exception while running 'kinit' command :
---------------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@demo.com
Exception: krb_error 41 Message stream modified (41) Message stream modified
KrbException: Message stream modified (41)
at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:45)
at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:158)
at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121)
at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:285)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
-----------------
Cause:
You may come across this exception when you run above 'kinit' command with realm in lower case(for example: @demo.com).
---------------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@demo.com
Exception: krb_error 41 Message stream modified (41) Message stream modified
KrbException: Message stream modified (41)
at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:45)
at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:158)
at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121)
at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:285)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
-----------------
Cause:
You may come across this exception when you run above 'kinit' command with realm in lower case(for example: @demo.com).
Issue/Introduction
"Exception: krb_error 41 Message stream modified (41) message stream modified" while running 'kinit' command during Spotfire server Kerberos setup.
Environment
All Supported OS
Resolution
There are two things that need to check:
A)
- Check whether the keytab file that you have generated (using ktpass command) earlier has the realm in lower case. If yes, you need to run ktpass command again to create keytab file with realm in upper case and use this newly created keytab file in rest of kerberos configuration.
Refer below manual for more information related to ktpass command and realm part in command:
https://docs.tibco.com/pub/spotfire_server/10.3.8/doc/html/TIB_sfire_server_tsas_admin_help/GUID-48920907-A433-4383-9637-52457D05C68A.html
- After creating new keytab file in above step, run kinit command with realm in upper case as below:
---------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@DEMO.COM
----------
B)
- If the keytab file that you have generated (using ktpass command) earlier has the realm in upper case then you only need to run kinit command with realm in upper case as below:
---------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@DEMO.COM
----------
A)
- Check whether the keytab file that you have generated (using ktpass command) earlier has the realm in lower case. If yes, you need to run ktpass command again to create keytab file with realm in upper case and use this newly created keytab file in rest of kerberos configuration.
Refer below manual for more information related to ktpass command and realm part in command:
https://docs.tibco.com/pub/spotfire_server/10.3.8/doc/html/TIB_sfire_server_tsas_admin_help/GUID-48920907-A433-4383-9637-52457D05C68A.html
- After creating new keytab file in above step, run kinit command with realm in upper case as below:
---------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@DEMO.COM
----------
B)
- If the keytab file that you have generated (using ktpass command) earlier has the realm in upper case then you only need to run kinit command with realm in upper case as below:
---------
kinit.bat -k -t <spotfire_Server_Install_dir>\tomcat\spotfire-config\Spotfire.keytab HTTP/test_tssserver.demo.com@DEMO.COM
----------
Additional Information
Refer below manual for more information related to ktpass command and realm part in command:
https://docs.tibco.com/pub/spotfire_server/10.3.8/doc/html/TIB_sfire_server_tsas_admin_help/GUID-48920907-A433-4383-9637-52457D05C68A.html
https://docs.tibco.com/pub/spotfire_server/10.3.8/doc/html/TIB_sfire_server_tsas_admin_help/GUID-48920907-A433-4383-9637-52457D05C68A.html
Feedback
Yes
No
Powered by
