only existing users: Pre-authentication information was invalid (24) error
843810 Sep 22 2006 — edited Oct 24 2006
Our application is Java based, and we use JAAS to allow authentication for the users through Active Directory.
In particular we always encourage our prospective clients to use Krb5LoginModule.
We would
1. add new user to AD, set DES for the account, reset the password
2. setspn -A host/newUser.DOMAIN.COM newUser
setspn -A HTTP/newUser.DOMAIN.COM newUser
run ktpass
pass the keytab to the server where the server application will be running from and set up there
-Djava.security.auth.login.config=c:\config\config.conf
-Djava.security.krb5.realm=DOMANNAME
-Djava.security.krb5.kdc=<Ip address of kdc>
where config.conf file would have the line
Krb5LoginModule tryFirstPass=true storePass=true storeKey=true useKeyTab=true keyTab="c:\keytab.key";
and it works...
However, I have encountered a situation where the above would return
Pre-authentication information was invalid (24) error.
We have reset the password, regenerated the keytab, it is the same time zone ... and nothing.
Then I asked to have a new user added (just to test it) - and it worked for the new user.
Now - what do I need to do to get it to work for the hundreds of others?
Thanks