(FAQ)部分域用户登录EAS Cloud客户端和登录WEB平台认证失败
原因分析： KDC（AD域服务器）不支持某种加密算法所致。 解决方法： 可参照如下连接解决。http://download.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html 如下部分： • javax.security.auth.login.LoginException: KrbException: KDC has no support for encryption type (14) - KDC has no support for encryption type Cause 1: Your KDC does not support the encryption type requested. Solution 1: Sun's implementation of Kerberos supports the following encryption types: des-cbc-md5, des-cbc-crc and des3-cbc-sha1. Applications can select the desired encryption type by specifying following tags in the Kerberos Configuration file krb5.conf: [libdefaults] default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 If not specified, the default value is: des-cbc-md5 des-cbc-crc des3-cbc-sha1 Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2. Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket. On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting: HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaKerberosParameters Value Name: allowtgtsessionkey Value Type: REG_DWORD Value: 0x01 ( default is 0 ) By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT. Here is the location of the registry setting on Windows XP SP2: HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaKerberos Value Name: allowtgtsessionkey Value Type: REG_DWORD Value: 0x01 关键字 部分用户登录失败,用户认证失败,R110627-0407, KDC