directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: [kerberos client]Problem to obtain TGT from KDC.
Date Wed, 24 Oct 2007 19:30:05 GMT
Hi, Leo,

This looks like an MIT Kerberos configuration issue.  The MIT KDC is
responding that it is not configured to use encryption type 3
(DES-CBC-MD5).  The client is simply reporting the error returned by
the KDC.  I recommend reviewing MIT Kerberos server documentation.
Alternatively, you can use the "long form" of the ApacheDS Kerberos
client component to try to use an enc type that is supported by
default by MIT Kerberos KDC.

Enrique


On 10/23/07, Leo Li <liyilei1979@gmail.com> wrote:
> Hi, all
>
>    I am trying to connect to KDC to get a TGT by:
>    String hostname = "wks107904wss.cn.ibm.com";
>    int port = 88;
>    KdcConnection con = new KdcConnection( hostname + ":" + port );
>    KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
> password );
>
>    But it fails with such stacktrace:
>    Exception in thread "main"
> org.apache.directory.client.kerberos.KdcConnectionException:
> BAD_ENCRYPTION_TYPE
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
> at org.apache.directory.client.kerberos.Main.go(Main.java:62)
> at org.apache.directory.client.kerberos.Main.main(Main.java:55)
>
>
>   And on the kdc side, the server has such log:
>   Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
> AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:leo@EXAMPLE.COM
> for krbtgt/EXAMPLE.COM@EXAMPLE.COM, KDC has no support for encryption
> type
>
>   The KDC is provided by redhat enterprise 5 with default setup configuration.
>
>   And if I try the same program in the machine where KDC resides and
> run it with "localhost" as host parameter, it will get null TGT and
> from the KDC log there seems no further log as if no Kerberos Request
> had been sent to KDC.
>
>   Can somebody help?
>
>   Thanks,
>
> --
> Leo Li
> China Software Development Lab, IBM
>

Mime
View raw message