directory-dev mailing list archives

From Amila Suriarachchi <amilasuriarach...@gmail.com>
Subject Re: Configuring Apache Directory studio with kerberos
Date Mon, 08 Feb 2010 05:40:24 GMT
On Sun, Feb 7, 2010 at 6:59 PM, Stefan Seelmann <seelmann@apache.org> wrote:

> Amila Suriarachchi wrote:
>
>> All these samples use EXAMPLE.COM as the domain, on
>> the dc=example,dc=com partition.
>>
>>
>> Can I configure more than one domain in one Kerberos server?
>>
>
> AFAIK this isn't possible yet. But you can use WS02.COM as the domain
> (realm).
>
>
>> I tried to add a different partition and the same set of users by editing the
>> ldif file. Please see the attachments.
>>
>> But I get this exception when I try to log in with hnelson@WSO2.COM
>>
>
> In your server.xml the searchBaseDN attribute in <kdcServer> is missing.
> And for <ldapServer> set the right values for saslHost, saslPrincipal and
> searchBaseDn.
>

Thanks Stefan, I got the following exceptions when I tried to rename the domain.

Actually, if I use the sample code, i.e. using the EXAMPLE.COM domain, then even
without specifying the searchBaseDn in either kdcServer or ldapServer it works
fine. But if I move the user entries to the ou=users,ou=system folder (by
changing the ldif file) then it does not work.

I renamed EXAMPLE.COM to WSO2.COM (please see the attached files). Then when
I tried to log in as hnelson@WSO2 it gave the following log output.

[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Unexpected exception forcing session to close: sending disconnect notice to
client.
java.lang.NullPointerException
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Null LdapSession given to cleanUpSession.
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Unexpected exception forcing session to close: sending disconnect notice to
client.
java.lang.NullPointerException
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Null LdapSession given to cleanUpSession.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@79429cb2
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606836
    kdcOptions:
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3),
des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17),
rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64
0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05
0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83
0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C
0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.
[10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Additional pre-authentication required (25)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
Additional pre-authentication required
    at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:268)
    at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:106)
    at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
    explanatory text:      Additional pre-authentication required
    error code:            25
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@59c958af
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@42bd93cd
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606837
    kdcOptions:
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des-cbc-md5 (3)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64
0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05
0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83
0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C
0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Pre-authentication by encrypted timestamp successful for hnelson@WSO2.COM.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=krbtgt,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: krbtgt
    cn: KDC Service
    sn: Service
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x5E
0x3D 0x94 0x40 0xF2 ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0xF3
0x35 0xE9 0x1E 0x37 ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xD0
0x01 0xFE 0x00 0xFB ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0xBF
0x1C 0x92 0x7A 0xDA ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: krbtgt/WSO2.COM@WSO2.COM
 for kerberos principal name krbtgt/WSO2.COM@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Ticket will be issued for access to krbtgt/WSO2.COM@WSO2.COM.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Monitoring Authentication Service (AS) context:
    clockSkew              300000
    clientAddress          /127.0.0.1
    principal              hnelson@WSO2.COM
    cn                     null
    realm                  null
    principal              hnelson@WSO2.COM
    SAM type               null
    principal              krbtgt/WSO2.COM@WSO2.COM
    cn                     null
    realm                  null
    principal              krbtgt/WSO2.COM@WSO2.COM
    SAM type               null
    Request key type       des-cbc-md5 (3)
    Client key version     0
    Server key version     0
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
    messageType:           AS_REP
    protocolVersionNumber: 5
    nonce:                 1265606837
    clientPrincipal:       hnelson@WSO2.COM
    client realm:          WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    server realm:          WSO2.COM
    auth time:             20100208052716Z
    start time:            null
    end time:              20100209052716Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 SENT:
org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@7f9480b8
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@6e8ef177
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Received Ticket-Granting Service (TGS) request:
    messageType:           TGS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606838
    kdcOptions:
    clientPrincipal:       null
    serverPrincipal:       ldap/localhost@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3),
des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17),
rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us
    at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:232)
    at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:99)
    at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
    explanatory text:      The ticket isn't for us
    error code:            35
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63a6b16f

1. [10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.

What is SAM type?

2. [10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us

It seems that the server tries to check it with krbtgt/EXAMPLE.COM@EXAMPLE.COM.
I am not sure where it came from.

3. How does ApacheDS search for the client and server principals?



Thanks,
Amila.



> Kind Regards,
> Stefan
>
>


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
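
An added example, not part of the original message or of ApacheDS: a small Python triage script for KDC debug logs of the shape posted above. It flags sessions that select single DES and error replies whose serverPrincipal realm differs from the realm of the preceding request; the sample log is constructed from the record shapes in the message, and all function names are hypothetical.

```python
import re

# Constructed sample, abridged from the record shapes shown in the log above.
SAMPLE_LOG = """\
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Received Ticket-Granting Service (TGS) request:
    messageType:           TGS_REQ
    serverPrincipal:       ldap/localhost@WSO2.COM
    realm:                 WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
    explanatory text:      The ticket isn't for us
    error code:            35
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""

RECORD_START = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]", re.M)
WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md5"}  # single DES, deprecated by RFC 6649


def field(record, name):
    """Return the value of an indented 'name: value' line, or None."""
    m = re.search(r"^[ \t]+" + re.escape(name) + r":[ \t]*(\S.*)$", record, re.M)
    return m.group(1).strip() if m else None


def split_records(log):
    """Split the log into records, each starting at a [HH:MM:SS] stamp."""
    starts = [m.start() for m in RECORD_START.finditer(log)]
    return [log[a:b] for a, b in zip(starts, starts[1:] + [len(log)])]


def triage(log):
    """Return findings as tuples: weak etypes and request/reply realm mismatches."""
    findings = []
    request_realm = None
    for rec in split_records(log):
        flat = " ".join(rec.split())  # undo the mail client's line wrapping
        if re.search(r"Received .* request:", flat):
            request_realm = field(rec, "realm")
        m = re.search(r"Session will use encryption type (\S+) \(\d+\)", flat)
        if m and m.group(1) in WEAK_ETYPES:
            findings.append(("weak-etype", m.group(1)))
        if "Responding to request with error:" in flat:
            principal = field(rec, "serverPrincipal") or ""
            reply_realm = principal.rpartition("@")[2]
            if request_realm and reply_realm and reply_realm != request_realm:
                findings.append(("realm-mismatch", field(rec, "error code"),
                                 request_realm, reply_realm))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
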
