Web Agent kerberos permission denied

Document ID : KB000118667
Last Modified Date : 30/10/2018
Show Technical Document Details
Issue:
I'm running Web Agent, which protects a resource with Kerberos
Authentication scheme, and suddenly, the authentication doesn't work
anymore and the Web Agent reports error :


@ Sun, 30 Sep 2018 02:09:41 +000 

[2467] 1538273381.162330: Getting initial credentials for 
HTTP/duspa01-u171282.training.com@TRAINING.COM 

[2467] 1538273381.162602: Setting initial creds service to 
krbtgt/TRAINING.COM@TRAINING.COM 

[2467] 1538273381.162700: Couldn't lookup etypes in keytab: 
13/Permission denied 

[...] 

[2467] 1538273381.260416: Retrieving 
HTTP/duspa01-u171282.training.com@TRAINING.COM from 
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result: 
13/Permission denied 

[2467] 1538273381.260425: Preauth module encrypted_timestamp (2) 
(flags=1) returned: 13/Permission denied 

How can I fix this ?
Cause:
We noted that the Web Agent OS date and time was in the future.
Resolution:
We changed the time back two days ago by restarting the ntp client on 
the machine and the network clock set it as per the other machines to 
Fri, 28 Sep 2018 11:47:01 +0000, and the permission denied issue 
disapeared. 

[2936] 1538135221.803975: Selected etype info: etype rc4-hmac, salt 
"", params "" 

[2936] 1538135221.804095: Retrieving 
HTTP/duspa01-u171282.training.com@TRAINING.COM from 
FILE:/etc/wa.keytab (vno 0, enctype rc4-hmac) with result: 0/Success 

[2936] 1538135221.804186: AS key obtained for encrypted timestamp: 
rc4-hmac/3086