Thanks ShawnM
I added the following to the krb5.ini:
[libdefaults]
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
And I finally get a ticket. So the KDC setup for this user is complete per the documentation.
However I still get the error in the log
java.lang.RuntimeException: java.lang.RuntimeException: Default KDC not set
And I still hang at the J_security_check. I tried rebooting the DB, waiting until it started, and then rebooting the Enforce server, but it still hangs at the error. Here are the logs after the reboot:
20 Apr 2012 11:58:53,859- Thread: 10 INFO [com.vontu.manager] Enforce Server started. The enforce server was started.
20 Apr 2012 11:58:53,875- Thread: 10 INFO [com.vontu.manager.ProtectServlet] (MANAGER.2) The Manager is now running
20 Apr 2012 11:58:53,953- Starting Coyote HTTP/1.1 on http-443
20 Apr 2012 11:58:53,968- Server startup in 7765 ms
20 Apr 2012 11:59:53,812- Thread: 12 INFO [com.vontu.manager.system.keystore.KeystoreRotationTask] (MANAGER.805) Checking if cryptographic keys require rotation
20 Apr 2012 12:03:53,890- Thread: 13 INFO [com.vontu.manager.license.ManagerLicenseTools] (MANAGER.400) License validation succeeded.
20 Apr 2012 12:03:53,890- Thread: 13 SEVERE [com.vontu.manager] License has expired. One or more of your product licenses has expired. Some system feature may be disabled. Check the status of your licenses on the system settings page.
20 Apr 2012 14:16:04,521- Thread: 14 INFO [com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService] System property java.security.krb5.realm=globeandmail.net
20 Apr 2012 14:16:04,521- Thread: 14 SEVERE [com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService] Default KDC not set
20 Apr 2012 14:16:04,537- Thread: 14 SEVERE [com.vontu.enforce.authentication.AuthenticationServiceFactory] Unable to initialize the EnforceAuthenicationService
Cause:
java.lang.RuntimeException: Default KDC not set
java.lang.RuntimeException: Default KDC not set
at com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService.<init>(KerberosAuthenticationService.java:39)
at com.vontu.enforce.authentication.AuthenticationServiceFactory.getService(AuthenticationServiceFactory.java:22)
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.createAuthenticationService(ProtectJAASRealm.java:82)
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.getAuthenticationService(ProtectJAASRealm.java:74)
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.authenticate(ProtectJAASRealm.java:29)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:259)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:454)
at com.vontu.manager.security.VontuFormAuthenticatorValve.invoke(VontuFormAuthenticatorValve.java:64)
at com.vontu.manager.security.ClientCertificateLoginValve.invoke(ClientCertificateLoginValve.java:81)
at com.vontu.manager.security.SpcSsoValve.invoke(SpcSsoValve.java:106)
at com.vontu.manager.security.IpCatcherValve.invoke(IpCatcherValve.java:73)
at com.vontu.manager.security.CharacterEncodingValve.invoke(CharacterEncodingValve.java:42)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
20 Apr 2012 14:16:04,537- An exception or error occurred in the container during the request processing
java.lang.RuntimeException: java.lang.RuntimeException: Default KDC not set
FYI I cannot log into the DLP server as Administrator ever since I made the AD change. I get the same J_security_check error. Any ideas? Thanks for your help.
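Added example, not part of the original post and not Symantec/Vontu code: a small lint for a krb5.ini like the one quoted above, reporting whether the default realm has a KDC entry and whether the enctype lists contain only legacy types such as rc4-hmac. Assumptions: MIT-style krb5.ini syntax, the function names and the realm and KDC host in the samples are constructed, and the post does not establish that this file is where the Enforce server looks when it logs "Default KDC not set".

```python
# Legacy enctypes; this set is the example's own choice, not from the post.
WEAK_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
                 "des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "des3-cbc-sha1"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def parse_krb5(text):
    """Parse krb5.ini text into {section: {key: [values] or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1].strip(), {}), None
        elif line == "}":                        # end of a "REALM = {" block
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(value)
    return conf

def lint_krb5(text):
    """Return findings about the default realm's KDC and the enctype lists."""
    conf = parse_krb5(text)
    lib, findings = conf.get("libdefaults", {}), []
    realm = (lib.get("default_realm") or [None])[0]
    if realm is None:
        findings.append("libdefaults: default_realm is not set")
    else:
        entry = conf.get("realms", {}).get(realm)
        if not (isinstance(entry, dict) and entry.get("kdc")):
            findings.append(f"realms: no kdc entry for default realm {realm}")
    for key in ENCTYPE_KEYS:
        types = " ".join(lib.get(key, [])).replace(",", " ").split()
        if types and all(t.lower() in WEAK_ENCTYPES for t in types):
            findings.append(f"libdefaults: {key} lists only legacy enctypes: {' '.join(types)}")
    return findings

# Constructed samples: the fragment quoted in the post, and a fuller file with
# a placeholder realm and KDC host (EXAMPLE.NET / kdc1.example.net).
SAMPLE_POST = ("[libdefaults]\ndefault_tkt_enctypes = rc4-hmac\n"
               "default_tgs_enctypes = rc4-hmac\npermitted_enctypes = rc4-hmac\n")
SAMPLE_FULL = ("[libdefaults]\ndefault_realm = EXAMPLE.NET\n"
               "permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac\n"
               "[realms]\nEXAMPLE.NET = {\n    kdc = kdc1.example.net\n}\n")
```

Calling `lint_krb5(SAMPLE_POST)` returns one finding for the missing `default_realm` and one for each of the three rc4-hmac-only enctype lines; `lint_krb5(SAMPLE_FULL)` returns an empty list.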