On 25.05.22 16:27, Ronald Wimmer via FreeIPA-users wrote:
On 25.05.22 09:26, Ronald Wimmer via FreeIPA-users wrote:
> On 24.05.22 23:47, Ronald Wimmer via FreeIPA-users wrote:
>> Today I tried to update one of our Keycloaks from version 12 to 18.
>> Everything looked good except Kerberos login. I am using the exact
>> same keytab file I used in KC version 12 but in version 18 I do get
>> May 24 23:18:36 kc001.linux.mydomain.at kc.sh: 2022-05-24
>> 23:18:36,996 WARN
>> (executor-thread-2) SPNEGO login failed:
>> java.security.PrivilegedActionException: GSSException: Failure
>> unspecified at GSS-API level (Mechanism level: Checksum failed)
>> Any ideas what might be the cause?
> After I reverted to the snapshot I took before the same problem
> appeared. Obviously, it has nothing to do with the Keycloak update. I
> need to investigate where the "checksum failed" error comes from.
After freeing Firefox from its snap prison I tried again and the problem
vanished. This is just a coincidence as I verified the problem from a
windows host yesterday.
What I really need to know is what can cause such a checksum error? Any
I read something that enabling preauth could help in such authentication
matters but honestly I doubt that.
Has anyone had similar problems and could point me in the right direction?