Kerberos authentication errors after applying patches on Windows to address CVE-2022-37967, CVE-2022-38023, CVE-2022-37966
Issue
- After Windows DC was patched for security hardening for Netlogon and Kerberos with November 2022 security update
MC461855, JBoss EAP reported KDC errors:
DEBUG [org.jboss.security] (default task-7) PBOX00206: Login failure: javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:808) [rt.jar:1.8.0_231]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) [rt.jar:1.8.0_231]
at org.jboss.security.negotiation.KerberosLoginModule.login(KerberosLoginModule.java:190) [jboss-negotiation-extras-3.0.6.Final-redhat-00001.jar:3.0.6.Final-redhat-00001]
at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) [:1.8.0_231]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_231]
...
Caused by: KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) [rt.jar:1.8.0_231]
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316) [rt.jar:1.8.0_231]
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) [rt.jar:1.8.0_231]
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:780) [rt.jar:1.8.0_231]
... 77 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) [rt.jar:1.8.0_231]
at sun.security.krb5.internal.ASRep.init(ASRep.java:64) [rt.jar:1.8.0_231]
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59) [rt.jar:1.8.0_231]
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) [rt.jar:1.8.0_231]
... 80 more
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
- 7.3.8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.