While trying to add a new principal, I got an access denied error. The error is mostly likely related to the fact that I'm trying to generate a keytab with a session, which was created using "runas". That is the cmd console is running as a user, which is different from the one I logged on as.
>ktab.exe" -a tomcat@EXAMPLE.COM secret
Failed to save new entry.
java.io.FileNotFoundException: C:\Users\Administrator\krb5.keytab (Zugriff verweigert)at java.io.FileOutputStream.open(Native Method)
Or "Access denied"
Because I was suspicious that the problem was somehow related to the tomcat user's environment, I decided to explicitly specified the keytab file with the "-k" parameter,
>ktab.exe" -a tomcat@EXAMPLE.COM secret -k c:\Users\tomcat\krb5.keytab
Done!
Service key for tomcat@EXAMPLE.COM is saved in c:\Users\tomcat\krb5.keytab
This wasn't that obvious because the program's help of the documentation are vague about the usage of the flag.
No comments:
Post a Comment