Bug 44093 - Authentication failed. KDC has no support for encryption type (14)
Summary: Authentication failed. KDC has no support for encryption type (14)
Status: RESOLVED INVALID
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Administration (show other bugs)
Version: 5.0.27
Hardware: Other Windows Server 2003
: P5 critical (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords: ErrorMessage
Depends on:
Blocks:
 
Reported: 2007-12-18 08:34 UTC by Carole Wittemann
Modified: 2007-12-18 12:31 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carole Wittemann 2007-12-18 08:34:41 UTC
We have installed Apache/Tomcat 5.0.27 that is packaged with Business Objects 
XI R2.  We have authentication setup with Windows Active Directory within 
Business Objects and modified the Tomcat configuration to point to 2 files in 
the C:\WINNT directory:
1. bscLogin.conf
2. krb5.ini

Users were able to login to Business Objects using Apache/Tomcat as the web 
server and then a couple of months ago, some users were getting the following 
error in the Business Objects portal:
"Account Information Not Recoginzed: Active Directory Authentication failed to 
log you on.  Please contact your system administrator to make sure you are a 
member of a valid mapped group and try again"

The std.out file reveals the following entry"
principal is X00505@PROD.AD.MERC.CHICAGO.CME.COM
		[Krb5LoginModule] authentication failed 
KDC has no support for encryption type (14)
2138765 [TP-Processor1] ERROR 
com.crystaldecisions.sdk.plugin.authentication.ldap.internal.SecWinADAuthenticat
ion  - Authentication failed. KDC has no support for encryption type (14)
Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt 
false ticketCache is null KeyTab is null refreshKrb5Config is false principal 
is null tryFirstPass is false useFirstPass is false storePass is false 
clearPass is false
		[Krb5LoginModule] user entered username: 
x00505@PROD.AD.MERC.CHICAGO.CME.COM

This issue has been open for a couple of months now with Business Objects and 
they are starting to say that its a problem with Apache/Tomcat.  

Any advice?
Thanks,
Carole
Comment 1 Mark Thomas 2007-12-18 12:31:52 UTC
There is little information to go on but there is nothing that suggests a Tomcat
issue. The class reporting the error
(com.crystaldecisions.sdk.plugin.authentication.ldap.internal.SecWinADAuthenticat
ion) is not one that is distributed with Tomcat.

This one belongs firmly with Business Objects and if they are trying to suggest
differently I suggest you escalate this issue with your account manager (or
whatever the escalation process is for Business Objects when you feel the
support people aren't providing the service you have paid for).

A quick Google suggests a couple of possible causes and solutions but I assume
you have tried these.