On Sun, Feb 7, 2010 at 6:59 PM, Stefan Seelmann <seelmann@apache.org> wrote:
Amila Suriarachchi wrote:
All these samples use EXAMPLE.COM as the domain, on the dc=example,dc=com partition.


Can I configure more than one domain in one Kerberos server?

AFAIK this isn't possible yet. But you can use WSO2.COM as the domain (realm).


I tried to add a different partition and the same set of users by editing the LDIF file. Please see the attachments.

But I get this exception when I try to log in with hnelson@WSO2.COM

In your server.xml the searchBaseDN attribute in <kdcServer> is missing. And for <ldapServer> set the right values for saslHost, saslPrincipal and searchBaseDn.

Thanks Stefan, I got the following exceptions when I tried to rename the domain.

Actually, if I use the sample code, i.e. using the EXAMPLE.COM domain, then even without specifying the searchBaseDn in either kdcServer or ldapServer it works fine. But if I move the user entries to the ou=users,ou=system folder (by changing the LDIF file) then it does not work.

I renamed EXAMPLE.COM to WSO2.COM (please see the attached files). Then when I tried to log in as hnelson@WSO2 it gave the following log output.

[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
java.lang.NullPointerException
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Null LdapSession given to cleanUpSession.
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
java.lang.NullPointerException
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Null LdapSession given to cleanUpSession.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:53911 CREATED:  datagram
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:53911 OPENED
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:53911 RCVD:  org.apache.directory.server.kerberos.shared.messages.KdcRequest@79429cb2
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606836
    kdcOptions:           
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3), des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17), rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64 0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05 0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83 0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C 0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87 0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding with standard pre-authentication.
[10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Additional pre-authentication required
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:268)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:106)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    explanatory text:      Additional pre-authentication required
    error code:            25
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:53911 SENT:  org.apache.directory.server.kerberos.shared.messages.ErrorMessage@59c958af
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:34535 CREATED:  datagram
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:34535 OPENED
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:34535 RCVD:  org.apache.directory.server.kerberos.shared.messages.KdcRequest@42bd93cd
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606837
    kdcOptions:           
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des-cbc-md5 (3)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64 0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05 0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83 0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C 0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87 0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding with standard pre-authentication.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Pre-authentication by encrypted timestamp successful for hnelson@WSO2.COM.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=krbtgt,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: krbtgt
    cn: KDC Service
    sn: Service
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x5E 0x3D 0x94 0x40 0xF2 ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0xF3 0x35 0xE9 0x1E 0x37 ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xD0 0x01 0xFE 0x00 0xFB ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0xBF 0x1C 0x92 0x7A 0xDA ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87 0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: krbtgt/WSO2.COM@WSO2.COM
 for kerberos principal name krbtgt/WSO2.COM@WSO2.COM
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Ticket will be issued for access to krbtgt/WSO2.COM@WSO2.COM.
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Monitoring Authentication Service (AS) context:
    clockSkew              300000
    clientAddress          /127.0.0.1
    principal              hnelson@WSO2.COM
    cn                     null
    realm                  null
    principal              hnelson@WSO2.COM
    SAM type               null
    principal              krbtgt/WSO2.COM@WSO2.COM
    cn                     null
    realm                  null
    principal              krbtgt/WSO2.COM@WSO2.COM
    SAM type               null
    Request key type       des-cbc-md5 (3)
    Client key version     0
    Server key version     0
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Responding with Authentication Service (AS) reply:
    messageType:           AS_REP
    protocolVersionNumber: 5
    nonce:                 1265606837
    clientPrincipal:       hnelson@WSO2.COM
    client realm:          WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    server realm:          WSO2.COM
    auth time:             20100208052716Z
    start time:            null
    end time:              20100209052716Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:34535 SENT:  org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@7f9480b8
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:50621 CREATED:  datagram
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:50621 OPENED
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:50621 RCVD:  org.apache.directory.server.kerberos.shared.messages.KdcRequest@6e8ef177
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
    messageType:           TGS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606838
    kdcOptions:           
    clientPrincipal:       null
    serverPrincipal:       ldap/localhost@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3), des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17), rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Session will use encryption type des-cbc-md5 (3).
[10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us
    at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:232)
    at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:99)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    explanatory text:      The ticket isn't for us
    error code:            35
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:50621 SENT:  org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63a6b16f

1. [10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding with standard pre-authentication.

What is SAM type?

2. [10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us

It seems that the server tries to check it with krbtgt/EXAMPLE.COM@EXAMPLE.COM. I am not sure where it came from.

3. How does ApacheDS search for the client and server principals?



Thanks,
Amila.



Kind Regards,
Stefan




--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
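
Added example, not part of the original messages and not ApacheDS code: a small Python parser for the KDC debug log quoted above that pairs each error reply with the request before it and compares the request's realm with the realm in the reply's serverPrincipal, which is the WSO2.COM versus EXAMPLE.COM discrepancy raised in question 2. The sample log is abridged from the message, and the function names are illustrative.

```python
import re

# Constructed sample: abridged from the KDC debug log quoted in the message above.
SAMPLE_LOG = """\
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
    messageType:           AS_REQ
    clientPrincipal:       hnelson@WSO2.COM
    realm:                 WSO2.COM
[10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:268)
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    error code:            25
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
    messageType:           TGS_REQ
    serverPrincipal:       ldap/localhost@WSO2.COM
    realm:                 WSO2.COM
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    error code:            35
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""

HEADER = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s+\w+\s+\[[^\]]+\]\s+-\s+(.*)$")
FIELD = re.compile(r"^\s+([A-Za-z][\w -]*?):\s+(\S.*?)\s*$")

def parse_records(text):
    """Return (kind, fields) for every KDC request and every error reply."""
    records, fields = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            msg, fields = header.group(1).rstrip(), None
            if msg.startswith("Received") and msg.endswith("request:"):
                fields = {}
                records.append(("request", fields))
            elif msg.startswith("Responding to request with error:"):
                fields = {}
                records.append(("error", fields))
        elif fields is not None:
            field = FIELD.match(line)
            if field:  # indented stack-trace lines do not match "key: value"
                fields[field.group(1)] = field.group(2)
    return records

def realm_mismatches(text):
    """Pair each error reply with the preceding request and compare realms."""
    findings, last_request = [], None
    for kind, fields in parse_records(text):
        if kind == "request":
            last_request = fields
        elif last_request is not None:
            principal = fields.get("serverPrincipal", "")
            reply_realm = principal.rsplit("@", 1)[-1] if "@" in principal else None
            findings.append({
                "request": last_request.get("messageType"),
                "request_realm": last_request.get("realm"),
                "error_code": fields.get("error code"),
                "reply_realm": reply_realm,
                "mismatch": reply_realm != last_request.get("realm"),
            })
    return findings

if __name__ == "__main__":
    print(*realm_mismatches(SAMPLE_LOG), sep="\n")
```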