'kinit' command may fail to run/execute while setting up KERBEROS authentication on TIBCO Spotfire Server


Article ID: KB0079998


Products: Spotfire Server
Versions: All Versions

Description

You may encounter the error message below when running the 'kinit' command to test/validate the keytab file:
> <installation dir>\jdk\jre\bin\kinit.exe -k -t <keytab file> HTTP/<fully qualified hostname>[:<port>]@<realm>

- Sample command:
C:\tibco\tss\7.11.0\jdk\jre\bin>kinit -k -t "C:\tibco\tss\7.11.0\jdk\jre\lib\security\spotfire.keytab" HTTP/tsstest.lab@TSSTEST.LAB

- Output:
--------------------------------------------------------
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-auth
entication information was invalid
KrbException: Pre-authentication information was invalid (24)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
--------------------------------------------------------

Issue/Introduction

This article helps you address "Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-authentication information was invalid", raised by the 'kinit' command while configuring KERBEROS authentication for TIBCO Spotfire Server.

Environment

All Supported OS

Resolution

This error usually occurs if the "SERVICE ACCOUNT" used to create the "keytab" file has had its password changed, or if the "SERVICE ACCOUNT" has been disabled.
These are the most common reasons for the error "Pre-authentication information was invalid (24)".

- If the password has been changed, re-create the keytab file (using the ktpass command) with the new password.

NOTE: A new keytab file must be created each time the password is changed/updated for the Service account specified in the "/mapuser" parameter of the KTPASS command.
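
A keytab generated before a password change can be identified without running kinit: each keytab entry carries a key version number (kvno), and Active Directory raises the account's kvno (attribute msDS-KeyVersionNumber) when the password changes. The Python code below is an added example, not part of the original article or of TIBCO's tooling; it reads the kvno from a keytab and compares it with a value the caller has looked up in AD. The sample keytab and the function names are constructed for illustration.

```python
import struct

def parse_keytab(data: bytes):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                       # negative length marks a deleted slot
            pos += -size
            continue
        end, p = pos + size, pos
        def counted():                     # 16-bit length, then that many bytes
            nonlocal p
            (n,) = struct.unpack_from(">H", data, p)
            p += 2 + n
            return data[p - n:p]
        (ncomp,) = struct.unpack_from(">H", data, p)
        p += 2
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        p += 11
        counted()                          # key material: consumed, never returned
        if end - p >= 4:                   # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, etype))
        pos = end
    return entries

def stale_principals(entries, ad_kvno: int):
    """Principals whose newest keytab kvno is below the account's kvno in AD."""
    newest = {}
    for principal, kvno, _ in entries:
        newest[principal] = max(kvno, newest.get(principal, 0))
    return sorted(p for p, k in newest.items() if k < ad_kvno)

def build_sample(kvno: int) -> bytes:
    """Constructed one-entry keytab (zeroed AES256 key) for the sample principal."""
    c = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 2) + c(b"TSSTEST.LAB") + c(b"HTTP") + c(b"tsstest.lab")
    body += struct.pack(">IIBH", 1, 0, kvno, 18) + c(bytes(32))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    found = parse_keytab(build_sample(kvno=3))
    print(found, stale_principals(found, ad_kvno=4))  # ad_kvno: assumed AD value
```

A keytab kvno lower than the AD value indicates the password was changed after the keytab was generated, so the keytab has to be re-created; an equal kvno does not rule out the disabled-account cause.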