2017-08-24

I have installed a Kerberos server. JAAS authentication error "java.net.SocketTimeoutException: Receive timed out"

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = SNSPRJ.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
    SNSPRJ.COM = {
    kdc = kerberos.snsprj.com
    admin_server = kerberos.snsprj.com
    }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
    .snsprj.com = SNSPRJ.COM
    snsprj.com = SNSPRJ.COM

[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
SNSPRJ.COM = {
    #master_key_type = aes256-cts
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
    supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}

On the Kerberos client, I ran kinit xiaoxiao/[email protected], and it looks fine.

[[email protected] ~]# kinit xiaoxiao/[email protected]
Password for xiaoxiao/[email protected]:
[[email protected] ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: xiaoxiao/[email protected]

Valid starting  Expires    Service principal
08/24/2017 13:51:18 08/25/2017 13:51:17 krbtgt/[email protected]
[[email protected] ~]#

But when I use JAAS to authenticate against the Kerberos server, an error message appears: java.net.SocketTimeoutException: Receive timed out

I have tried telnet 192.168.1.196 88, and that is OK.

bogon:jaas0822 skh$ telnet 192.168.1.196 88
Trying 192.168.1.196...
Connected to bogon.
Escape character is '^]'.

JAAS authentication: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html

My code:

import javax.security.auth.login.*;
import com.sun.security.auth.callback.TextCallbackHandler;

/**
 * This JaasAcn application attempts to authenticate a user
 * and reports whether or not the authentication was successful.
 *
 * Created by skh on 2017/8/22.
 */
public class JaasAcn {
    public static void main(String[] args) {

        String path = "/workspace/idea/ssm/src/test/java/com/snsprj/jaas0822/";

        System.setProperty("java.security.auth.login.config", path + "jaas.conf");
//      System.setProperty("java.security.krb5.conf", path + "krb5.conf");
        System.setProperty("java.security.krb5.realm", "SNSPRJ.COM");
        System.setProperty("java.security.krb5.kdc", "kerberos.snsprj.com");
        System.setProperty("java.security.krb5.debug", "true");

        // Obtain a LoginContext, needed for authentication. Tell it
        // to use the LoginModule implementation specified by the
        // entry named "JaasSample" in the JAAS login configuration
        // file and to also use the specified CallbackHandler.
        LoginContext lc = null;
        try {
            lc = new LoginContext("JaasSample", new TextCallbackHandler());

            // attempt authentication
            try {
                lc.login();
            } catch (LoginException le) {
                le.printStackTrace();
                System.err.println("Authentication failed:");
                System.err.println(" " + le.getMessage());
                System.exit(-1);
            }

        } catch (LoginException le) {
            System.err.println("Cannot create LoginContext. " + le.getMessage());
            // Exit here too; otherwise execution falls through to the success message.
            System.exit(-1);
        } catch (SecurityException se) {
            System.err.println("Cannot create LoginContext. " + se.getMessage());
            System.exit(-1);
        }

        System.out.println("Authentication succeeded!");
    }
}

What could be wrong? Can anyone help me? Many thanks!

Answer

Solution: use TCP

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = SNSPRJ.COM
default_ccache_name = KEYRING:persistent:%{uid}
# insert by xiaohb 20170824 start
udp_preference_limit = 1
# insert by xiaohb 20170824 end
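
An added check, not part of the original question or answer: it reads [libdefaults] from a krb5.conf and reports which transport a Kerberos client library tries first for a request of a given size. A telnet test to port 88 only exercises TCP, so it says nothing about the UDP path. The function names, the 200-byte request size and the trimmed sample configs are assumptions; 1465 is the MIT krb5 default for udp_preference_limit.

```python
import re

# Default in MIT krb5 when udp_preference_limit is absent (bytes).
DEFAULT_UDP_PREFERENCE_LIMIT = 1465

# Constructed samples: trimmed versions of the question's and the answer's config.
QUESTION_CONF = """
includedir /etc/krb5.conf.d/
[libdefaults]
 dns_lookup_realm = false
 default_realm = SNSPRJ.COM
[realms]
 SNSPRJ.COM = {
  kdc = kerberos.snsprj.com
 }
"""
ANSWER_CONF = QUESTION_CONF.replace(
    "[realms]", " udp_preference_limit = 1\n[realms]")


def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section of a krb5.conf."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values


def first_transport(conf_text, request_size):
    """Transport tried first: TCP only when the request exceeds the limit."""
    raw = parse_libdefaults(conf_text).get("udp_preference_limit")
    try:
        limit = int(raw) if raw is not None else DEFAULT_UDP_PREFERENCE_LIMIT
    except ValueError:
        limit = DEFAULT_UDP_PREFERENCE_LIMIT  # assumption: unparsable = unset
    return "tcp" if request_size > limit else "udp"


if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(name, "->", first_transport(conf, 200))  # 200 bytes: constructed size
```

With the question's config a small request goes out over UDP first; with udp_preference_limit = 1 every request is larger than the limit, so TCP is tried first.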