Unable to pass authentication

Question

Unable to pass authentication

Closed this issue 8 months ago · 2 comments

Hello, I tried to log in using gokrb5v8 and it failed. Exception information:
KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (6) KDC_ERR_C_PRINCIPAL_UNKNOWN Client not found in Kerberos database - CLIENT_NOT_FOUND

TestCode:

package main

import (
	"github.com/jcmturner/gokrb5/v8/client"
	"github.com/jcmturner/gokrb5/v8/config"
	"github.com/jcmturner/gokrb5/v8/keytab"
)

func main() {
	krbConf, err := config.Load("security_krb5.conf")
	if err != nil {
		panic(err)
	}

	keytabFile, err := keytab.Load("security_venus.keytab")
	if err != nil {
		panic(err)
	}
	krbclient := client.NewWithKeytab("venus@HADOOP.QIYI.COM", "HADOOP.QIYI.COM", keytabFile, krbConf)
	err = krbclient.Login()
	if err != nil {
		panic(err)
	}
}

I can successfully log in to the configuration files involved in the code in Java language.
I found in the debugger that the ReqBody of gokrb5 is not parsed the same as Java. I am not sure if it is because of this reason.

Diff the ReqBody of the two tools, Krb5 has several fields that are displayed differently.

Answer 1 · 2024-06-25T05:32:40.000Z

You can try username without realm.

krbclient := client.NewWithKeytab("venus", "HADOOP.QIYI.COM", keytabFile, krbConf)

Answer 2 · 2024-06-25T07:12:46.000Z

You can try username without realm.

krbclient := client.NewWithKeytab("venus", "HADOOP.QIYI.COM", keytabFile, krbConf)

u are right.