Windows kinit kerberos connection fails with ICMP Port Unreachable

kinitmitkerberoswindows

I'm trying to connect to a kerberos server with a keytab:

kinit -k -t securitytest.keytab securitytest@RRRR.COM

Exception: ICMP Port Unreachable
java.net.PortUnreachableException: ICMP Port Unreachable
        at java.base/java.net.DualStackPlainDatagramSocketImpl.socketReceiveOrPeekData(Native Method)
        at java.base/java.net.DualStackPlainDatagramSocketImpl.receive0(DualStackPlainDatagramSocketImpl.java:124)
        at java.base/java.net.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:181)
        at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:814)
        at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
        at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
        at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
        at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:229)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.acquire(Kinit.java:248)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:134)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.main(Kinit.java:96)

Now I did try to turn off the Windows firewall completely and in the krb5.ini to set also the port 88 for the kdc as some hinted but it doesn't help. Telneting the kdc address's port works. Updated from java 1.8 to 1.11, still the same issue.

If I connect with a principal name and password from the kerberos gui, it works. The kinit connection with a tab file works on mac and linux machines.

Ideas to resolve this issue?

Best Answer

in the windows environment, kinit.exe also exists in the installation directory of JDK, make sure the kinit.exe you are using is located in the installation directory of kerberos.

Related Topic