Web Agent kerberos permission denied
Article ID: 118667
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
I'm running Web Agent, which protects a resource with Kerberos
Authentication scheme, and suddenly, the authentication doesn't work
anymore and the Web Agent reports error :
@ Sun, 30 Sep 2018 02:09:41 +000
[2467] 1538273381.162330: Getting initial credentials for
HTTP/[email protected]
[2467] 1538273381.162602: Setting initial creds service to
krbtgt/[email protected]
[2467] 1538273381.162700: Couldn't lookup etypes in keytab:
13/Permission denied
[...]
[2467] 1538273381.260416: Retrieving
HTTP/[email protected] from
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result:
13/Permission denied
[2467] 1538273381.260425: Preauth module encrypted_timestamp (2)
(flags=1) returned: 13/Permission denied
How can I fix this ?
Authentication scheme, and suddenly, the authentication doesn't work
anymore and the Web Agent reports error :
@ Sun, 30 Sep 2018 02:09:41 +000
[2467] 1538273381.162330: Getting initial credentials for
HTTP/[email protected]
[2467] 1538273381.162602: Setting initial creds service to
krbtgt/[email protected]
[2467] 1538273381.162700: Couldn't lookup etypes in keytab:
13/Permission denied
[...]
[2467] 1538273381.260416: Retrieving
HTTP/[email protected] from
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result:
13/Permission denied
[2467] 1538273381.260425: Preauth module encrypted_timestamp (2)
(flags=1) returned: 13/Permission denied
How can I fix this ?
Cause
We noted that the Web Agent OS date and time was in the future.
Environment
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:
Component:
Resolution
We changed the time back two days ago by restarting the ntp client on
the machine and the network clock set it as per the other machines to
Fri, 28 Sep 2018 11:47:01 +0000, and the permission denied issue
disapeared.
[2936] 1538135221.803975: Selected etype info: etype rc4-hmac, salt
"", params ""
[2936] 1538135221.804095: Retrieving
HTTP/[email protected] from
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result: 0/Success
[2936] 1538135221.804186: AS key obtained for encrypted timestamp:
rc4-hmac/3086
the machine and the network clock set it as per the other machines to
Fri, 28 Sep 2018 11:47:01 +0000, and the permission denied issue
disapeared.
[2936] 1538135221.803975: Selected etype info: etype rc4-hmac, salt
"", params ""
[2936] 1538135221.804095: Retrieving
HTTP/[email protected] from
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result: 0/Success
[2936] 1538135221.804186: AS key obtained for encrypted timestamp:
rc4-hmac/3086
Feedback
Yes
No
Powered by
