Why do not you implement support for inpu type = "date" ?
When writing sites I often faced with the need to use html code component <input type = "date">. But your browser does not support this type of data entry. Implement, please add support the <input type = "date">.
hi vladslav, this support forum is primarily run by the community, developers won't read here - we are normal users like you. implementing new features in the browser is not in our power. if you want to suggest those please either use https://input.mozilla.org/feedback or vote on the appropriate existing bug reports on bugzilla.mozilla.org to get those features implemented (please just vote but do not comment on bugzilla unless you have something substantial to add).
thank you!
Similar Messages
-
Support for JSON type data in ADF URL data control
Hi,
We are trying to migrate from a bindows based UI to ADF.
Our current architecture relies heavily on JSON type data for communication between products.
Is there a way an URL Data control can handle JSON type data?
Any help in this regard would be of great help.
Cheers,
RajHi all,
Is there any news on this issue? I would also like to be able to call a REST web service (non-SOAP) and use the JSON formatted response in ADF. (The use case here is to call UCM services from WebCenter without the SOAP overhead).
Regards, Stijn -
why can not you thought of improving the design of power adapters for mac book pro from damage so easily?
I congratulate you. you are very lucky because I hurt my less than two years taking all possible care. and have found that this has happened to many people more
-
Why iphone 3g has no support for ios 5 + ..please allow us to download..
Please do anyhow. .anything ...you are the creater of apple.. I know you can do it. .please do anything that iphone 3g will support ios 5 ro greater than that..The 3G was discontinued over 2yrs ago.
The 3GS was only discontinued about a month ago.
Apple made the decision that the 3G would not get anything newer than 4.2.1 because of reasons only they know.
Griping about it is pointless.
Speculating about why is against the terms of use of these forums.
The device is ancient... either accept that it will never get an update and live with it or buy something newer. -
Why does not Adobe flash player for iPad ,This is a very big problem
Why does not Adobe flash player for iPad ,This is a very big problem ,I do not know why Apple is so Popular
but Adobe is, in fact, continuing to update Flash for Android.
Only essential bug and security fixes. No new feature updates have been released for 2 years.
Of course we have those who wish fervently that the lack of Flash supprt will damage Apple severely and obsess about it all the time.
I thought they'd realised it was a lost cause ages ago... they mostly seem to have disappeared from this forum, at least... -
WebLogic SSO receiving "KDC has no support for encryption type (14)" error
Hello,
I am trying to implement SSO using an Off-the-Shelf app running on WebLogic, but receiving "KDC has no support for encryption type (14)" error. I have set the AD Server to Use DES encryption types for this account . I have added 'allowtgtsessionkey' registry entry on the client machine as well as the Windows Server on which WebLogic is running. My klist results on the client machine still seems to indicate AD is sending RC4 encryption format (please confirm looking at the results below). I am also attaching the WebLogic error log. I am slo seeing 2 errors at the very beginning of the WebLogic log when I restart the appserver.
% KLIST output
C:\Program Files\Resource Kit>klist tickets
Cached Tickets: (2)
Server: krbtgt/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 8/27/2008 1:52:56
Renew Time: 9/2/2008 15:52:56
Server: HTTP/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 8/27/2008 1:52:56
Renew Time: 9/2/2008 15:52:56
% WebLogic Error
<Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.realm was not defined, this could cause problems using Kerberos for negotiation>
<Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.kdc was not defined, this could cause problems using Kerberos for negotiation>
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <Default Authorization isAccessAllowed(): returning PERMIT>
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <DefaultAdjudicatorImpl.adjudicate results: PERMIT >
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: true>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
KeyTab: load() entry length: 60
KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
KeyTabInputStream, readName(): HTTP
KeyTabInputStream, readName(): devmax01principal's key obtained from the keytab
principal is HTTP/[email protected]
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbAsReq etypes are: 3 1 1
KrbKdcReq send: kdc=10.143.60.1 UDP:88, timeout=30000, number of retries =3, #bytes=252
KDCCommunication: kdc=10.143.60.1 UDP:88, timeout=30000,Attempt =1, #bytes=252
KrbKdcReq send: #bytes read=1311
KrbKdcReq send: #bytes read=1311
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01Added server's keyKerberos Principal HTTP/[email protected] Version 4key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: B3 86 A4 E5 83 0E 6D 9E
[Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
Commit Succeeded
Found key for HTTP/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> < GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>dins wrote:Do you think the klist output in my original posting confirms that AD is not encrypting tickets in DES format ?Yes, the current line prove it :
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)The fact is that Microsoft seems to use by default the RC4-HMAC-MD5 encryption type for AD.
Try to specify only des for encryption type in both your krb5.conf
[libdefaults]
default_realm = ...
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
...and kdc.conf
[realms]
REALM = {
kadmind_port = ...
max_life = ...
max_renewable_life = ...
master_key_type = ddes-cbc-md5 des-cbc-crc des3-cbc-sha1
supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
kdc_supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
}If it still does not work, I'm out of ammo ;-). -
Problem: KDC has no support for encryption type (14)
hi, I have dealing the problem for long time and no response in bea forum.
I feel very exhausted when checking mit's kerberos mailist and sun forum. Any try every method they provide but not success.
first I generate the keytab using w2k's ktpass
ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
and it turn out to be successful.
My W2KSP4 KDC Config is:
c:\winnt\krb5.ini-----------------------------
[libdefaults]
default_realm = DLSVR.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
ticket_lifetime = 600
[realms]
DLSVR.COM = {
kdc = 192.168.2.231
admin_server = dlserver
default_domain = DLSVR.COM
[domain_realm]
.dlsvr.com= DLSVR.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
i also set des type in AD Accout and also reset password after that
i create my keytab using des-cbc-crc as you can see in the log below :
<2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
KeyTab: load() entry length: 50
KeyTabInputStream, readName(): DLSVR.COM
KeyTabInputStream, readName(): host
KeyTabInputStream, readName(): weblogic
KeyTab: load() entry length: 44
KeyTabInputStream, readName(): dlsvr.com
KeyTabInputStream, readName(): weblogic
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: e9889c7a
crc32: 11101001100010001001110001111010
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbAsReq etypes are: 1
KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
KrbKdcReq send: #bytes read=1217
KrbKdcReq send: #bytes read=1217
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: 54c176ae
crc32: 1010100110000010111011010101110
KrbAsRep cons in KrbAsReq.getReply host/weblogicFound key for host/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
<2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no
support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProvider
Impl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
So i don't know why win2k's KDC not support the des-cbc-crc,
Any Help or Clue woud be highly appreciated!
davidException was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:39 0)
Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01 ( default is 0 )
By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT. -
KDC has no support for encryption type (14)
I have come across a posting on "KDC has no support for encryption type (14)" - " http://www.webservertalk.com/message1277232.html"
and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error still there. The only different is probably I combined WebLogic and AD in one machine. But, does that make any difference?
Client
====
Name: ssoclient.ssow2k.com
OS: Win XP SP2
Server
=====
Name: ssow2kserver.ssow2k.com
OS: Windows 2000 Advanced Server SP4
WLS: BEA WebLogic 8.1.4
<<Registry>>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
The following is the WebLogic myserver log for your reference:
========================================================================================
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
========================================================================================
The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
========================================================================================
KRB5 (AS-REQ)
============
No. Time Source Destination Protocol Info
125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
Frame 125 (345 bytes on wire, 345 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.848903000
Time delta from previous packet: 0.008330000 seconds
Time since reference or first frame: 10.301166000 seconds
Frame Number: 125
Packet Length: 345 bytes
Capture Length: 345 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Source: 10.122.1.2 (00:0c:29:17:9a:be)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 331
Identification: 0x0158 (344)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x208d [correct]
Source: 10.122.1.2 (10.122.1.2 )
Destination: 10.122.1.200 (10.122.1.200)
User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
Source port: 1075 (1075)
Destination port: kerberos (88)
Length: 311
Checksum: 0x1133 [correct]
Kerberos AS-REQ
Pvno: 5
MSG Type: AS-REQ (10)
padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
Type: PA-ENC-TIMESTAMP (2)
Type: PA-PAC-REQUEST (128)
KDC_REQ_BODY
Padding: 0
KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
Client Name (Principal): ssouser
Realm: SSOW2K.COM
Server Name (Service and Instance): krbtgt/SSOW2K.COM
till: 2037-09-13 02:48:05 (Z)
rtime: 2037-09-13 02:48:05 (Z)
Nonce: 1870983219
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
HostAddresses: SSOCLIENT<20>
KRB5 (AS-REP)
============
No. Time Source Destination Protocol Info
126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
Frame 126 (1324 bytes on wire, 1324 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.850893000
Time delta from previous packet: 0.001990000 seconds
Time since reference or first frame: 10.303156000 seconds
Frame Number: 126
Packet Length: 1324 bytes
Capture Length: 1324 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
Destination: 10.122.1.2 (00:0c:29:17:9a:be)
Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1310
Identification: 0x0a0f (2575)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1403 [correct]
Source: 10.122.1.200 (10.122.1.200)
Destination: 10.122.1.2 (10.122.1.2)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
Source port: kerberos (88)
Destination port: 1075 (1075)
Length: 1290
Checksum: 0xb637 [correct]
Kerberos AS-REP
Pvno: 5
MSG Type: AS-REP (11)
Client Realm: SSOW2K.COM
Client Name (Principal): ssouser
Ticket
enc-part rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 1
enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
KRB5 (TGS-REQ)
============
No. Time Source Destination Protocol Info
127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
Frame 127 (1307 bytes on wire, 1307 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.857087000
Time delta from previous packet: 0.006194000 seconds
Time since reference or first frame: 10.309350000 seconds
Frame Number: 127
Packet Length: 1307 bytes
Capture Length: 1307 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Source: 10.122.1.2 (00:0c:29:17:9a:be)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1293
Identification: 0x0159 (345)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1cca [correct]
Source: 10.122.1.2 (10.122.1.2)
Destination: 10.122.1.200 ( 10.122.1.200)
User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
Source port: 1076 (1076)
Destination port: kerberos (88)
Length: 1273
Checksum: 0xd085 [correct]
Kerberos TGS-REQ
Pvno: 5
MSG Type: TGS-REQ (12)
padata: PA-TGS-REQ
Type: PA-TGS-REQ (1)
KDC_REQ_BODY
Padding: 0
KDCOptions: 40800000 (Forwardable, Renewable)
Realm: SSOW2K.COM
Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
till: 2037-09-13 02:48:05 (Z)
Nonce: 1871140380
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
KRB5 (TGS-REP)
============
No. Time Source Destination Protocol Info
128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
Frame 128 (1290 bytes on wire, 1290 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.858528000
Time delta from previous packet: 0.001441000 seconds
Time since reference or first frame: 10.310791000 seconds
Frame Number: 128
Packet Length: 1290 bytes
Capture Length: 1290 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
Destination: 10.122.1.2 (00:0c:29:17:9a:be)
Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1276
Identification: 0x0a10 (2576)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1424 [correct]
Source: 10.122.1.200 (10.122.1.200)
Destination: 10.122.1.2 (10.122.1.2)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
Source port: kerberos (88)
Destination port: 1076 (1076)
Length: 1256
Checksum: 0x1318 [correct]
Kerberos TGS-REP
Pvno: 5
MSG Type: TGS-REP (13)
Client Realm: SSOW2K.COM
Client Name (Principal): ssouser
Ticket
enc-part rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 1
enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
========================================================================================
Can anybody enlighten me on how you solve this problem? Thanks.I ran into this error and caught the error code to remind me to edit the registry.
if (sError.contains("KDC has no support for encryption type (14)")){
JOptionPane.showMessageDialog(null,"Error " + ThisErrorCode.myErrorCode() + '\n' +
" http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
"There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
"To avoid the error, administrators need to update the Windows registry." + '\n' +
"The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
"to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
"Windows XP SP2, add the registry entry:" + '\n' +
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
"Value Name: allowtgtsessionkey" + '\n' +
"Value Type: REG_DWORD" + '\n' +
"Value: 0x01" ,null, JOptionPane.ERROR_MESSAGE);
System.exit(-1); -
Could not start cache agent for the requested data store
Hi,
This is my first attempt in TimesTen. I am running TimesTen on the same Linux host (RHES 5.2) that running Oracle 11g R2. The version of TimesTen is:
TimesTen Release 11.2.1.4.0
Trying to create a simple cache.
The DSN entry for ttdemo1 in .odbc.ini is as follows:
+[ttdemo1]+
Driver=/home/oracle/TimesTen/timesten/lib/libtten.so
DataStore=/work/oracle/TimesTen_store/ttdemo1
PermSize=128
TempSize=128
UID=hr
OracleId=MYDB
DatabaseCharacterSet=WE8MSWIN1252
ConnectionCharacterSet=WE8MSWIN1252
Using ttisql I connect
Command> connect "dsn=ttdemo1;pwd=oracle;oraclepwd=oracle";
Connection successful: DSN=ttdemo1;UID=hr;DataStore=/work/oracle/TimesTen_store/ttdemo1;DatabaseCharacterSet=WE8MSWIN1252;ConnectionCharacterSet=WE8MSWIN1252;DRIVER=/home/oracle/TimesTen/timesten/lib/libtten.so;OracleId=MYDB;PermSize=128;TempSize=128;TypeMode=0;OracleNetServiceName=MYDB;
(Default setting AutoCommit=1)
Command> call ttcacheuidpwdset('ttsys','oracle');
Command> call ttcachestart;
*10024: Could not start cache agent for the requested data store. Could not initialize Oracle Environment Handle.*
The command failed.
The following is shown in the tterrors.log:
15:41:21.82 Err : ORA: 9143: ora-9143--1252549744-xxagent03356: Datastore: TTDEMO1 OCIEnvCreate failed. Return code -1
15:41:21.82 Err : : 7140: oraagent says it has failed to start: Could not initialize Oracle Environment Handle.
15:41:22.36 Err : : 7140: TT14004: TimesTen daemon creation failed: Could not spawn oraagent for '/work/oracle/TimesTen_store/ttdemo1': Could not initialize Oracle Environment Handl
What are the reasons that the daemon cannot spawn another agent? FYI the environment variables are set as:
ORA_NLS33=/u01/app/oracle/product/11.2.0/db_1/ocommon/nls/admin/data
ANT_HOME=/home/oracle/TimesTen/ttdemo1/3rdparty/ant
CLASSPATH=/home/oracle/TimesTen/ttdemo1/lib/ttjdbc5.jar:/home/oracle/TimesTen/ttdemo1/lib/orai18n.jar:/home/oracle/TimesTen/ttdemo1/lib/timestenjmsxla.jar:/home/oracle/TimesTen/ttdemo1/3rdparty/jms1.1/lib/jms.jar:.
oracle@rhes5:/home/oracle/TimesTen/ttdemo1/info% echo $LD_LIBRARY_PATH
/home/oracle/TimesTen/ttdemo1/lib:/home/oracle/TimesTen/ttdemo1/ttoracle_home/instantclient_11_1:/u01/app/oracle/product/11.2.0/db_1/lib:/u01/app/oracle/product/11.2.0/db_1/network/lib:/lib:/usr/lib:/usr/ucblib:/usr/local/lib
CheersSure thanks.
Here you go:
Daemon environment:
_=/bin/csh
DISABLE_HUGETLBFS=1
SYSTEM=TEST
INIT_FILE=/u01/app/oracle/product/10.1.0/db_1/dbs/init+ASM.ora
GEN_APPSDIR=/home/oracle/dba/bin
LD_LIBRARY_PATH=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/ttoracle_home/instantclient_11_1:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/lib:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/ttoracle_home/instantclient_11_1:/u01/app/oracle/product/11.2.0/db_1/lib:/u01/app/oracle/product/11.2.0/db_1/network/lib:/lib:/usr/lib:/usr/ucblib:/usr/local/lib
HOME=/home/oracle
SPFILE_DIR=/u01/app/oracle/backup/+ASM/initfile_dir
TNS_ADMIN=/u01/app/oracle/product/11.2.0/db_1/network/admin
INITFILE_DIR=/u01/app/oracle/backup/+ASM/initfile_dir
HTMLDIR=/home/oracle/+ASM/dba/html
HOSTNAME=rhes5
TEMP=/oradata1/tmp
PWD=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/bin
HISTSIZE=1000
PATH=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/bin:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/oci:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/odbc:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/odbc/xla:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/jdbc:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/odbc_drivermgr:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/proc:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/ttclasses:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/quickstart/sample_code/ttclasses/xla:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/ttoracle_home/instantclient_11_1:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/ttoracle_home/instantclient_11_1/sdk:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/3rdparty/ant/bin:/usr/kerberos/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/bin/X11:/usr/X11R6/bin:/usr/platform/SUNW,Ultra-2/sbin:/u01/app/oracle/product/11.2.0/db_1:/u01/app/oracle/product/11.2.0/db_1/bin:.
GEN_ADMINDIR=/home/oracle/dba/admin
CONTROLFILE_DIR=/u01/app/oracle/backup/+ASM/controlfile_dir
ETCDIR=/home/oracle/+ASM/dba/etc
GEN_ENVDIR=/home/oracle/dba/env
DATAFILE_DIR=/u01/app/oracle/backup/+ASM/datafile_dir
BACKUPDIR=/u01/app/oracle/backup/+ASM
RESTORE_ARCFILES=/u01/app/oracle/backup/+ASM/restorefile_dir/restore_arcfiles.txt
TMPDIR=/oradata1/tmp
CVS_RSH=ssh
ARCLOG_DIR=/u01/app/oracle/backup/+ASM/arclog_dir
REDOLOG_DIR=/u01/app/oracle/backup/+ASM/redolog_dir
INPUTRC=/etc/inputrc
LOGDIR=/home/oracle/+ASM/dba/log
DATAFILE_LIST=/u01/app/oracle/backup/+ASM/datafile_dir/datafile.list
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
PS1=rhes5:($ORACLE_SID)$
G_BROKEN_FILENAMES=1
SHELL=/bin/ksh
PASSFILE=/home/oracle/dba/env/.ora_accounts
LOGNAME=oracle
ORA_NLS10=/u01/app/oracle/product/11.2.0/db_1/nls/data
ORACLE_SID=mydb
APPSDIR=/home/oracle/+ASM/dba/bin
ORACLE_OWNER=oracle
RESTOREFILE_DIR=/u01/app/oracle/backup/+ASM/restorefile_dir
SQLPATH=/home/oracle/dba/bin
TRANDUMPDIR=/tran
RESTORE_SPFILE=/u01/app/oracle/backup/+ASM/restorefile_dir/restore_spfile.txt
RESTORE_DATAFILES=/u01/app/oracle/backup/+ASM/restorefile_dir/restore_datafiles.txt
ENV=/home/oracle/.kshrc
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_CONNECTION=50.140.197.215 62742 50.140.197.216 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
TERM=xterm
GEN_ETCDIR=/home/oracle/dba/etc
SP_FILE=/u01/app/oracle/product/10.1.0/db_1/dbs/spfile+ASM.ora
ORACLE_BASE=/u01/app/oracle
ASTFEATURES=UNIVERSE - ucb
ADMINDIR=/home/oracle/+ASM/dba/admin
SSH_CLIENT=50.140.197.215 62742 22
TZ=GB
SUPPORT=oracle@linux
ARCHIVE_LOG_LIST=/u01/app/oracle/backup/+ASM/arclog_dir/archive_log.list
USER=oracle
RESTORE_TEMPFILES=/u01/app/oracle/backup/+ASM/restorefile_dir/restore_tempfiles.txt
MAIL=/var/spool/mail/oracle
EXCLUDE=/home/oracle/+ASM/dba/bin/exclude.lst
GEN_LOGDIR=/home/oracle/dba/log
SSH_TTY=/dev/pts/2
RESTORE_INITFILE=/u01/app/oracle/backup/+ASM/restorefile_dir/restore_initfile.txt
HOSTTYPE=i386-linux
VENDOR=intel
OSTYPE=linux
MACHTYPE=i386
SHLVL=1
GROUP=dba
HOST=rhes5
REMOTEHOST=vista
EDITOR=vi
ORA_NLS33=/u01/app/oracle/product/11.2.0/db_1/ocommon/nls/admin/data
ODBCINI=/home/oracle/.odbc.ini
TT=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/
SHLIB_PATH=/u01/app/oracle/product/11.2.0/db_1/lib:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1//lib
ANT_HOME=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/3rdparty/ant
CLASSPATH=/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/lib/ttjdbc5.jar:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/lib/orai18n.jar:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/lib/timestenjmsxla.jar:/home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/3rdparty/jms1.1/lib/jms.jar:.
TT_AWT_PLSQL=0
NLS_LANG=AMERICAN_AMERICA
NLS_COMP=ANSI
NLS_SORT=BINARY
NLS_LENGTH_SEMANTICS=BYTE
NLS_NCHAR_CONV_EXCP=FALSE
NLS_CALENDAR=GREGORIAN
NLS_TIME_FORMAT=hh24:mi:ss
NLS_DATE_FORMAT=syyyy-mm-dd hh24:mi:ss
NLS_TIMESTAMP_FORMAT=syyyy-mm-dd hh24:mi:ss.ff9
ORACLE_HOME=
DaemonCWD = /home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/info
DaemonLog = /home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/info/tterrors.log
DaemonOptionsFile = /home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/info/ttendaemon.options
Platform = Linux/x86/32bit
SupportLog = /home/oracle/TimesTen/11.2.1.4.0/TimesTen/ttimdb1/info/ttmesg.log
Uptime = 136177 seconds
Backcompat = no
Group = 'dba'
Daemon pid 8111 port 53384 instance ttimdb1
End of report -
Field SNPLC is not an entry field for resource type 02
While transferring resource, getting the error message below;
Field SNPLC is not an entry field for resource type 02
Message no. /SAPAPO/DMRES149
Is that something to do with CFC9??
Please help.Hi,
You have defined the resource type as 2 ( single activity resource) which is PPDS relevant but in the Planning parameters tab of the APO resource you have defined it as SNP relevant.( Not ticked the Not SNP relevant)
Request you to make tick in the Not SNP relevant field and then try Ciffing.
Since SYSFAIL has happend request you to clear the failed Queues and then CIF it.
Thanks,
nandha -
GSSException"KDC has no support for encryption type (14)" on token exchange
I'm stumped. Just started working with an MIT KDC v5 1.3.1 running on Linux and trying to get the IBM sample apps (GSSClient and GSSServer) working. The apps are here: http://www-106.ibm.com/developerworks/java/library/j-gss-sso/
I have two principals set up using defaults: one for the client and one for the server. The GSSClient, GSSServer and KDC are all running on the same machine in the same Realm.
I start the server just fine and it waits with:
GSSServer starts... Waiting for incoming connectionWhen I run the client the client authentictes and the context is successsfully created. However, the GSSServer throws an Exception:
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at com.ourcorp.caa.security.GSSServer.run(GSSServer.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at com.ourcorp.caa.security.GSSServer.startServer(GSSServer.java:98)
at com.ourcorp.caa.security.GSSServer.main(GSSServer.java:71)
The client also throws an Exception:
GSSClient... Getting client credentials
GSSClient... GSSManager creating security context
GSSClient...Sending token to server over secure context
GSSClient...Secure context initialized
GSSClient...Written 511 bytes
GSSClient...Exception nulljava.io.EOFException
at java.io.DataInputStream.readInt(DataInputStream.java:448)
at com.ourcorp.caa.security.GSSClient.run(GSSClient.java:184)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:320)
at com.ourcorp.caa.security.GSSClient.login(GSSClient.java:117)
at com.ourcorp.caa.security.GSSClient.main(GSSClient.java:63)
Client authentication denied...
This happens consistently and I cannot get passed this point! The weird thing is, is that the same thing happens using the Windows 2003 Server KDC! Same Exception.
Can anyone help me understand what is causing this? The Exception mentions "KDC has no support for encryption type (14)" but we're not specifying any encryption type other than the defaults. The principals are the same as far as I know.
Thanks.Interesting I managed to get this example to work but I had to create two principals (one for the client one for the server) with encryption types of "des-cbc-crc:normal" only . It seems that a with principal with "des-cbc-crc:normal" and "des3-hmac-sha1:normal" encryption types causes the Exception. So, the question I have is: does the GSS API support TripleDES or what? The KDC is obviosuly trying to use it for the user-user exchange but fails.
Anyone got any ideas? Thanks. -
KDC has no support for encryption type (14) in windows 2008
The active directory is a windows 2008 box. I am not mentioning any encryption types in krb5.ini. I know that we should add some registry entries in Windows 2003 and XP. But I was not able to find something similar to those, corresponding to windows 2008. I also tried adding the registry that was meant for windows 2003. But it din't work.
Any help appreciated.
Thanks in advanceSorry for a very late response and for not providing adequate information in my question.
I have Active Directory is in windows 2008 box and my application runs in a windows 2003 box. Its a very simple configuration and there is just one domain configured in the AD(no forest, no parent-child domains).
my login.config file looks like this
KerbAuth4Portal{
com.sun.security.auth.module.Krb5LoginModule required debug=true refreshKrb5Config=true;
and the krb5.conf looks like this
[libdefaults]
default_realm = KERB.WHIGFIELD.COM
[domain_realm]
.kerb.whigfield.com = KERB.WHIGFIELD.COM
[realms]
KERB.WHIGFIELD.COM = {
kdc = Ferrari-w2k8Vm1.kerb.whigfield.com
This is my method
public void authenticateForPortal(String userName, String password)
throws AuthenticationException {
LoginContext lc = null;
Subject subject = null;
try {
// String pwd= EncryptData.decryptString(password);
// userName = "[email protected]";
// userName = helper.convertDN2KerberosPrincipal(userName);
// password = "control";
lc = new LoginContext("KerbAuth4Portal", new LdapCallbackHandler(
userName, password));
lc.login();
logTicketAttributes(lc);
subject = lc.getSubject();
log.debug("Authenticated subject" + subject);
} catch (LoginException le) {
log.error("Login failed-", le);
throw new AuthenticationException("Failed to login -"
+ le.getMessage());
and this is the exception I am getting
javax.naming.AuthenticationException: Failed to login -KDC has no support for encryption type (14)
But if I set the useTicketCache to true, then I am not getting this issue, but it the authentication happens with the user present in ticket cache and not with the user passed in my method
Any help appreciated.
Thanks in advance -
KDC has no support for encryption type
Hi,
I hope not too much people are not reading this post because of the very common error message. But I'm really somewhat confused:
For testing Kerberos 5 SSO I set up a little domain controller running Windows 2003 Server and a client in the domain running Windows XP. In the active directory I created a service account with the logon test-service and a user account test-user. The switch "Use DES encryption types for this account" is set for both accounts and I reseted the passwords after setting the switch. Additionally I added a service principal name test/test.krbtest.local to the service account.
On the client machine I execute a very simple JAVA client program that tries to obtain a service ticket for the service test/test.krbtest.local. If I configure the client to prompt for a password, the service ticket is obtained without a problem using etype 3 (sun.security.krb5.internal.crypto.DesCbcMd5EType). But when trying to read the existing TGT from the native windows cache the client exits with:
KDC has no support for encryption type (14)The debug output tells the following:
>>> Obtained TGT from LSA: Credentials:
[email protected]
server=krbtgt/[email protected]
authTime=20070413112833Z
startTime=20070413112833Z
endTime=20070413212833Z
renewTill=20070420112833Z
flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
EType (int): 0
Principal is [email protected]
Commit Succeeded
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
Service ticket not found in the subject
Credentials acquireServiceCreds: same realmUsing builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.NullEType...Note that it says "Etype (int): 0" which I think is no valid encryption type at all. klist (from the windows resource kit) tells me that my tickets look like:
Server: krbtgt/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 4/13/2007 23:28:33
Renew Time: 4/20/2007 13:28:33
...But as mentioned above I set the option "Use DES encryption types for this account" for both the user and service account. Am I doing something wrong here??
Additionally I thought JAVA 1.5.11 would support RC4-HMAC, is that wrong?
Even more confusing:
If I remove the "Use DES encryption types for this account" switch for the two accounts and configure my JAVA client program to prompt for a password, a ticket is obtained using the RC4-HMAC encryption type 23 (sun.security.krb5.internal.crypto.ArcFourHmacEType). But using the ticket from the cache again does not work.
I'd appreciate any comments on that since I'm totally confused by now and have no idea on how to get this SSO thing working correctly in JAVA.
Cheers
P.S.:
I just wanted to mention that adding
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmacto my krb5.ini has no effect on the desribed behaviour
Message was edited by:
sherazadeOk,
perhaps I should have looked around the forum a little bit more in-depth...
Setting the AllowTGTSessionKey registry key to 1 solves this issue...
thanks -
How to identify the Stanadard Extractor will support for Real time Data
How to identify the Stanadard Extractor will support for Real time Data Acquisation . Enabled
Hi
In the ROOSOURCE table you can find the extract structures, go through all the fields of the extractor and if you find all of your equired fields exist ok else try to enhance for teh needed fields and go with user exit to populate the data for that fields' -
Why can't I use iCloud for exchange of data - like I could with MobileMe?
Why can't I use iCloud for exchange of data - like I could with MobileMe?
Oder auf Deutsch, warum kann ich keine Daten mehr in iCloud speichern bzw. zum Austausch bereitstellen, wie das bei MobileMe noch ging?
Danke für die Hilfe
Thanx in advance!The purpose of iCloud is to sync data between your devices.
There is no "web address" to your files and no way to "share" them with others (except photos).
Maybe you are looking for
-
New computer how can I get my old purchases on the new computer?
I got a new computer, but don't know how to get my itunes to transfer my purchases over to new computer and don't want to lose all my music... can someone help?
-
I am looking for a reliable proof reading app for iPad. Can anyone help? Please
I am looking for a good Proofreading app to use on my iPad. Can anyone in the UK help. Thanks. Denis.
-
Batch Job Performance Issue in BW
Hi All I would like to if there are any performance tuning methods for batch jobs in BW. Few jobs are taking much longer time and i need to figure out a method to tune them. Thanks in advance for your help Regards JP
-
Macbook Pro CD ROM not working!!
I have a 2009 Macbook Pro. Unfortunately the CD rom suddenly doesnt read or reconise any CD i insert in it. I insert the CD it makes a noise but nothing shows up on the desktop or on iTunes and a few minutes later it spits it out. Can someone please
-
How to make the icons in the dock become bigger when I hover over them?
I see in my friend's Mac that the icons in the dock become bigger when the user hovers over them with the mouse pointer. Mine don't change when I hover over them. Am I missing something?