Invalid service principal name in Kerberos authentication
You must specify the same SPN that was used when the keytab file was created. If you specify a different SPN, the following errors may occur:
- BMCSSG1882E: No Service Principals found in keytab file specified. If you see this message, correct the service principal name so that it matches the name you specified when you created the keytab file.
Another problem may arise if you have changed the SPN in Active Directory but have not regenerated the keytab file.
This error message indicates a possible failure due to a discrepancy between the service principal name in the keytab file and the actual service principal name in the TGS or Active Directory. This error can occur when you rename the service principal in the TGS without updating the keytab file. Validate the name (case-sensitive) and regenerate the keytab file if the service principal name has changed. Refer to the following log excerpt for an example:
amAuthWindowsDesktopSSO:06/28/2011 04:24:33:854 PM CDT: Thread[http-8443-1,5,main]
New Service Login ...
amAuthWindowsDesktopSSO:06/28/2011 04:24:33:870 PM CDT: Thread[http-8443-1,5,main]
ERROR: Service Login Error:
amAuthWindowsDesktopSSO:06/28/2011 04:24:33:870 PM CDT: Thread[http-8443-1,5,main]
Stack trace:
javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
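One way to run the case-sensitive check described above before restarting the service is to read the principals straight out of the keytab file and compare them with the configured SPN. This is an added example, not code from the product or its documentation. It assumes the keytab is in the standard version 0x0502 format; the SPN HTTP/sso.example.com@EXAMPLE.COM, the function names and the all-zero key are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a big-endian uint16 length, then that many bytes; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """List the principals (name@REALM) in a version 0x0502 keytab, skipping deleted entries."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, off = set(), 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size > 0:  # a negative size marks a deleted entry (hole) of |size| bytes
            (ncomp,) = struct.unpack_from(">H", data, off)
            realm, pos = _counted(data, off + 2)
            parts = []
            for _ in range(ncomp):
                part, pos = _counted(data, pos)
                parts.append(part)
            found.add("/".join(parts) + "@" + realm)
        elif size == 0:
            break
        off += abs(size)
    return sorted(found)

def check_spn(data, configured_spn):
    """Compare the configured SPN with the keytab entries; the match is case-sensitive."""
    principals = keytab_principals(data)
    if configured_spn in principals:
        return "match"
    if configured_spn.lower() in {p.lower() for p in principals}:
        return "case-mismatch"  # same name, different case: fix the config or regenerate
    return "missing"

def sample_keytab(principal):
    """Build a constructed one-entry keytab with an all-zero placeholder key (test data only)."""
    name, realm = principal.split("@")
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    parts = name.split("/")
    body = struct.pack(">H", len(parts)) + s(realm) + b"".join(s(c) for c in parts)
    # name type 1, timestamp 0, key version 1, encryption type 18, then a 32-byte key
    body += struct.pack(">IIBH", 1, 0, 1, 18) + struct.pack(">H", 32) + bytes(32)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

SAMPLE = sample_keytab("HTTP/sso.example.com@EXAMPLE.COM")  # constructed SPN, not from the page
print(check_spn(SAMPLE, "http/sso.example.com@EXAMPLE.COM"))
```

To check a real file, pass its bytes to check_spn together with the SPN from the SSO configuration; a result of "case-mismatch" or "missing" means the keytab and the configured name have diverged.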