JDK-7013873

klist.exe does not return correct key

    • Bug
    • Resolution: Duplicate
    • P4
    • None
    • 6
    • security-libs

      FULL PRODUCT VERSION :
      java version "1.6.0_13"
      Java(TM) SE Runtime Environment (build 1.6.0_13-b03)
      Java HotSpot(TM) Client VM (build 11.3-b02, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Windows 7 64-bit, Windows XP SP3

      A DESCRIPTION OF THE PROBLEM :
      A keytab file is generated on Active Directory with ktpass.exe, for example with the following command:

      C:\Program Files\Support Tools>ktpass /pass krbtest -out C:\temp\krbtestlogin.keytab -princ HTTP/###@###.###L -crypto DES-CBC-MD5 +DumpSalt -ptype KRB5_NT_PRINCIPAL +desOnly /mapOp set /mapUser krbtest

      This results in output:

      Key created.
      Output keytab to C:\temp\krbtestlogin.keytab:
      Keytab version: 0x502
      keysize 54 HTTP/###@###.###L ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x3 (DES-CBC-MD5) keylength 8 (0xa1a726f44a250edc)

      Looking into the .keytab file with a hex viewer, the key is at the end of the file (the last 8 bytes are the key: A1 A7 26 F4 4A 25 0E DC).

      Running the klist.exe tool to print out the key returns a false value:

      c:\Downloads>C:\java\jdk1.6.0_13\bin\klist.exe -K -k krbtestlogin.keytab"

      Key tab: krbtestlogin.keytab, 1 entry found.

      [1] Service principal: HTTP/###@###.###L
               KVNO: 6
               Key: 0xa1a726f44a25edc

      You can see that instead of "0e" it returned only "e".


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1. Create an Active Directory user, set the user name to krbtest, and its password also to krbtest
      2. Create keytab file with ktpass command (a full sample command in the description), use DES-CBC-MD5 encryption.
      3. Check the key with the JDK's klist.exe tool (a sample command in the description).

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The output of the klist.exe should match the hex values contained in the keytab file.
      ACTUAL -
      The output of the klist.exe does not match the hex values contained in the keytab file, leading zeros of bytes are omitted.

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      If you change the password for the principal user and set it to something else, the generated key might not contain zero.

            weijun Weijun Wang
            webbuggrp Webbug Group
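An independent check of a keytab's key bytes, added here as an example and not taken from the JDK or from the report: a parser for the version 0x502 keytab layout that prints each key with two hex digits per byte, next to a formatter that drops per-byte leading zeros as the report describes. The principal `HTTP/host.example.test@EXAMPLE.TEST` and the helper names are assumptions made for the sample; the key bytes and the vno, ptype and etype values are the ones shown in the ktpass output above.

```python
import struct

def counted(data, p):
    """Read a 16-bit length-prefixed string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Parse a version 0x502 keytab into a list of entry dicts."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            if size == 0:
                break
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(data, p)
            comps.append(c.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        key, p = counted(data, p + 11)
        if end - p >= 4:                   # optional 32-bit KVNO overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "etype": etype, "key": key})
        pos = end
    return entries

def hex_padded(key):
    return "0x" + key.hex()                # two digits per byte

def hex_unpadded(key):
    return "0x" + "".join(format(b, "x") for b in key)   # the reported symptom

def build_sample():
    """Constructed one-entry keytab: made-up principal, key bytes from the report."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.TEST") + cs(b"HTTP")
            + cs(b"host.example.test") + struct.pack(">IIBH", 1, 0, 3, 3)
            + cs(bytes.fromhex("a1a726f44a250edc")))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    e = parse_keytab(build_sample())[0]
    print(e["principal"], hex_padded(e["key"]), hex_unpadded(e["key"]))
```

The unpadded string is one digit short of 16, so a key copied from such output no longer maps back to 8 bytes unambiguously; compare against the padded form or the raw file bytes instead.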