Wednesday, July 16, 2014

Kerberos Windows configuration for Java 7

After migrating to Java 7, our Java client application was unable to authenticate via Kerberos on Windows. If you have the same problem, the following configuration may help you solve it. There is a key allowtgtsessionkey in Windows registry that allows client application to decrypt session key of Kerberos Ticket Granting Ticket (TGT).

Windows Registry configuration

Depending on the version of Windows you use, this registry key should be created in the following Registry path.

Windows XP

REG_DWORD name: allowtgtsessionkey
Value: 1

Windows 2003 Server, Vista, 7,  8, etc.

REG_DWORD name: allowtgtsessionkey
Value: 1

Default realm not found

Another problem that occurred (not sure if it is connected to Java 7) was missing default realm.

Find your krb5.ini file and add the following section if it is missing

default_realm = EUROPE.EXAMPLE.COM
// KDC configuration for realms
    kdc =

No comments:

Post a Comment