Return-Path: 
 <dev-return-32647-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: (qmail 98213 invoked from network); 8 Feb 2010 05:40:57 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 8 Feb 2010 05:40:57 -0000
Received: (qmail 60436 invoked by uid 500); 8 Feb 2010 05:40:57 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 60288 invoked by uid 500); 8 Feb 2010 05:40:56 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 60280 invoked by uid 99); 8 Feb 2010 05:40:56 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Feb 2010 05:40:56 +0000
X-ASF-Spam-Status: No, hits=3.7 required=10.0
	tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP,SPF_PASS,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of amilasuriarachchi@gmail.com
 designates 209.85.222.200 as permitted sender)
Received: from [209.85.222.200] (HELO mail-pz0-f200.google.com)
 (209.85.222.200)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Feb 2010 05:40:47 +0000
Received: by pzk38 with SMTP id 38so6772687pzk.9
        for <dev@directory.apache.org>; Sun, 07 Feb 2010 21:40:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=4fuN+MttBMakHsP8VB05loeDNWkxqRACjMtS6dRc1ak=;
        b=Ojmj/yVR9h2FbwP0P7hYuyS6NvNFwlff88rimNP5SYQK1mnDII94U2DwZLrVcVhYAF
         6xRFS2nwG9V6zEoTE2v21RlWrrNn6SpfdqmMUAKwhXvOucM4anTB9R4pKSPGmmYAQkqm
         JoWf4z4hlgDvGy5m/N5OXdj+/R9dOSUuAqqlo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=w2Djb3sJo8CdCdm2++YTmPD+xGAaXH+8Wn74MM/Bw3yrj/g2vmcVgGiK4BWPM1KUYH
         +EjQ/yx8iFLMTfX+thjP+OXQq6hcAa93t5kNcoNQtldSN86II3mURSDAQkucYTquup4J
         chKIKvON9JCnhgEeISVZGWevnaNOU95+XM97A=
MIME-Version: 1.0
Received: by 10.142.67.22 with SMTP id p22mr1890957wfa.217.1265607625599;
 Sun,
	07 Feb 2010 21:40:25 -0800 (PST)
In-Reply-To: <4B6EC02A.5040304@apache.org>
References: <60708f4b1001290022v20e0b9eal97bc662f14b955c@mail.gmail.com>
	 <4B62AD78.1060704@apache.org>
	 <60708f4b1001290518g2a54ccb5id25ef3e44874e81b@mail.gmail.com>
	 <4B688EAC.30301@apache.org>
	 <60708f4b1002051928r4400bf43t395c3a7d1ab63888@mail.gmail.com>
	 <60708f4b1002052128l49fc449am509ebb8df15b3fe4@mail.gmail.com>
	 <4B6D2F83.8030801@apache.org>
	 <60708f4b1002070122w2c8298c2i80d69bd923e5cf7a@mail.gmail.com>
	 <4B6EC02A.5040304@apache.org>
Date: Mon, 8 Feb 2010 11:10:24 +0530
Message-ID: <60708f4b1002072140x61fe8db0uda5be9af7e8aa8be@mail.gmail.com>
Subject: Re: Configuring Apache Directory studio with kerberos
From: Amila Suriarachchi <amilasuriarachchi@gmail.com>
To: Apache Directory Developers List <dev@directory.apache.org>
Content-Type: multipart/mixed; boundary=001636e907d0f2f510047f103c11

--001636e907d0f2f510047f103c11
Content-Type: multipart/alternative; boundary=001636e907d0f2f50a047f103c0f

--001636e907d0f2f50a047f103c0f
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Feb 7, 2010 at 6:59 PM, Stefan Seelmann <seelmann@apache.org> wrote:

> Amila Suriarachchi wrote:
>
>> All these samples uses EXAMPLE.COM <http://EXAMPLE.COM> as the domain. on
>> the dc=example,dc=com partition.
>>
>>
>> Can I configure more the one domain in one kerborse server?
>>
>
> AFAIK this isn't possible yet. But you can use WS02.COM as the domain
> (realm).
>
>
>  I tried to add a different partition and same set of user by editing the
>> lidf file. please see the attachments.
>>
>> but get this exception when try to log with hnelson@WSO2.COM
>>
>
> In your server.xml the searchBaseDN attribute in <kdcServer> is missing.
> And for <ldapServer> set the right values for saslHost, saslPrincipal and
> searchBaseDn.
>

thanks Stefan, I got following exceptions when I try to rename the domain.

Actually if I use sample code i.e using EXAMPLE.COM domain then even without
specifying the  searchBaseDn either in kdcServer or ldapServer it works
fine. But if I move the user entries to ou=users,ou=system folder (by
changing the ldif file) then it does not work.

I rename EXAMPLE.COM to WSO2.COM (please see the attached files). Then when
I tried to login as hnelson@WSO2 it gives following log out put.

[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Unexpected exception forcing session to close: sending disconnect notice to
client.
java.lang.NullPointerException
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Null LdapSession given to cleanUpSession.
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Unexpected exception forcing session to close: sending disconnect notice to
client.
java.lang.NullPointerException
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)
    at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:619)
[10:56:49] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
Null LdapSession given to cleanUpSession.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@79429cb2
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606836
    kdcOptions:
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3),
des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17),
rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64
0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05
0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83
0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C
0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.
[10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Additional pre-authentication required (25)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
Additional pre-authentication required
    at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:268)
    at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:106)
    at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
    explanatory text:      Additional pre-authentication required
    error code:            25
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:53911 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@59c958af
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@42bd93cd
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
    messageType:           AS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606837
    kdcOptions:
    clientPrincipal:       hnelson@WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    encryptionType:        des-cbc-md5 (3)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    cn: Horatio Nelson
    sn: Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64
0xE9 0x2C 0x3B 0xCD ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x05
0x83 0x07 0xC8 0x4B ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83
0x68 0x81 0xC3 0x62 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C
0x52 0x4A 0x23 0xCE ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: hnelson@WSO2.COM
 for kerberos principal name hnelson@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Pre-authentication by encrypted timestamp successful for hnelson@WSO2.COM.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
    dn[n]: uid=krbtgt,ou=Users,dc=wso2,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: krbtgt
    cn: KDC Service
    sn: Service
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5KeyVersionNumber: 0
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x5E
0x3D 0x94 0x40 0xF2 ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0xF3
0x35 0xE9 0x1E 0x37 ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xD0
0x01 0xFE 0x00 0xFB ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0xBF
0x1C 0x92 0x7A 0xDA ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87
0x8D 0x80 0x14 0x60 ...'
    krb5PrincipalName: krbtgt/WSO2.COM@WSO2.COM
 for kerberos principal name krbtgt/WSO2.COM@WSO2.COM
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Ticket will be issued for access to krbtgt/WSO2.COM@WSO2.COM.
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Monitoring Authentication Service (AS) context:
    clockSkew              300000
    clientAddress          /127.0.0.1
    principal              hnelson@WSO2.COM
    cn                     null
    realm                  null
    principal              hnelson@WSO2.COM
    SAM type               null
    principal              krbtgt/WSO2.COM@WSO2.COM
    cn                     null
    realm                  null
    principal              krbtgt/WSO2.COM@WSO2.COM
    SAM type               null
    Request key type       des-cbc-md5 (3)
    Client key version     0
    Server key version     0
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
    messageType:           AS_REP
    protocolVersionNumber: 5
    nonce:                 1265606837
    clientPrincipal:       hnelson@WSO2.COM
    client realm:          WSO2.COM
    serverPrincipal:       krbtgt/WSO2.COM@WSO2.COM
    server realm:          WSO2.COM
    auth time:             20100208052716Z
    start time:            null
    end time:              20100209052716Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:34535 SENT:
org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@7f9480b8
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 CREATED:  datagram
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 OPENED
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@6e8ef177
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Received Ticket-Granting Service (TGS) request:
    messageType:           TGS_REQ
    protocolVersionNumber: 5
    clientAddress:         127.0.0.1
    nonce:                 1265606838
    kdcOptions:
    clientPrincipal:       null
    serverPrincipal:       ldap/localhost@WSO2.COM
    encryptionType:        des3-cbc-sha1-kd (16), des-cbc-md5 (3),
des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17),
rc4-hmac (23)
    realm:                 WSO2.COM
    from time:             null
    till time:             19700101000000Z
    renew-till time:       null
    hostAddresses:         null
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Session will use encryption type des-cbc-md5 (3).
[10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us
    at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:232)
    at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:99)
    at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
    at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
    at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
    explanatory text:      The ticket isn't for us
    error code:            35
    clientPrincipal:       null
    client time:           null
    serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time:           20100208052716Z
[10:57:16] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
127.0.0.1:50621 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63a6b16f

1. [10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal hnelson@WSO2.COM has no SAM type.  Proceeding
with standard pre-authentication.

what is SAM type?

2. [10:57:16] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us

It seems that server try to check it with the krbtgt/EXAMPLE.COM@EXAMPLE.COM.
I am not sure how it came from?

3. How ApacheDS search for the client and server principles?



thanks,
Amila.



> Kind Regards,
> Stefan
>
>


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/

--001636e907d0f2f50a047f103c0f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><br><div class=3D"gmail_quote">On Sun, Feb 7, 2010 at 6:59 PM, Stefan S=
eelmann <span dir=3D"ltr">&lt;<a href=3D"mailto:seelmann@apache.org">seelma=
nn@apache.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" st=
yle=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex=
; padding-left: 1ex;">
Amila Suriarachchi wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
All these samples uses <a href=3D"http://EXAMPLE.COM" target=3D"_blank">EXA=
MPLE.COM</a> &lt;<a href=3D"http://EXAMPLE.COM" target=3D"_blank">http://EX=
AMPLE.COM</a>&gt; as the domain. on the dc=3Dexample,dc=3Dcom partition.<di=
v class=3D"im">
<br>
<br>
Can I configure more the one domain in one kerborse server?<br>
</div></blockquote>
<br>
AFAIK this isn&#39;t possible yet. But you can use <a href=3D"http://WS02.C=
OM" target=3D"_blank">WS02.COM</a> as the domain (realm).<div class=3D"im">=
<br>
<br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I tried to add a different partition and same set of user by editing the li=
df file. please see the attachments.<br>
<br>
but get this exception when try to log with <a href=3D"mailto:hnelson@WSO2.=
COM" target=3D"_blank">hnelson@WSO2.COM</a> <br>
</blockquote>
<br></div>
In your server.xml the searchBaseDN attribute in &lt;kdcServer&gt; is missi=
ng. And for &lt;ldapServer&gt; set the right values for saslHost, saslPrinc=
ipal and searchBaseDn.<br></blockquote><div><br>thanks Stefan, I got follow=
ing exceptions when I try to rename the domain.<br>
</div><div><br>Actually if I use sample code i.e using <a href=3D"http://EX=
AMPLE.COM">EXAMPLE.COM</a> domain then even without specifying the=A0 searc=
hBaseDn either in kdcServer or ldapServer it works fine. But if I move the =
user entries to ou=3Dusers,ou=3Dsystem folder (by changing the ldif file) t=
hen it does not work.<br>
<br>I rename <a href=3D"http://EXAMPLE.COM">EXAMPLE.COM</a> to <a href=3D"h=
ttp://WSO2.COM">WSO2.COM</a> (please see the attached files). Then when I t=
ried to login as hnelson@WSO2 it gives following log out put.<br><br>[10:56=
:08] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpect=
ed exception forcing session to close: sending disconnect notice to client.=
<br>
java.lang.NullPointerException<br>=A0=A0=A0 at org.apache.directory.server.=
ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)=
<br>=A0=A0=A0 at org.apache.directory.server.ldap.handlers.LdapRequestHandl=
er.handleMessage(LdapRequestHandler.java:56)<br>
=A0=A0=A0 at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceive=
d(DemuxingIoHandler.java:232)<br>=A0=A0=A0 at org.apache.directory.server.l=
dap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)<br>=
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilt=
er.messageReceived(DefaultIoFilterChain.java:721)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNext=
MessageReceived(DefaultIoFilterChain.java:433)<br>=A0=A0=A0 at org.apache.m=
ina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.=
java:47)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImp=
l$1.messageReceived(DefaultIoFilterChain.java:801)<br>=A0=A0=A0 at org.apac=
he.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)<br>=A0=
=A0=A0 at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)<br>
=A0=A0=A0 at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Wo=
rker.runTask(UnorderedThreadPoolExecutor.java:480)<br>=A0=A0=A0 at org.apac=
he.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThr=
eadPoolExecutor.java:434)<br>
=A0=A0=A0 at java.lang.Thread.run(Thread.java:619)<br>[10:56:08] WARN [org.=
apache.directory.server.ldap.LdapProtocolHandler] - Null LdapSession given =
to cleanUpSession.<br>[10:56:49] WARN [org.apache.directory.server.ldap.Lda=
pProtocolHandler] - Unexpected exception forcing session to close: sending =
disconnect notice to client.<br>
java.lang.NullPointerException<br>=A0=A0=A0 at org.apache.directory.server.=
ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:129)=
<br>=A0=A0=A0 at org.apache.directory.server.ldap.handlers.LdapRequestHandl=
er.handleMessage(LdapRequestHandler.java:56)<br>
=A0=A0=A0 at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceive=
d(DemuxingIoHandler.java:232)<br>=A0=A0=A0 at org.apache.directory.server.l=
dap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194)<br>=
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilt=
er.messageReceived(DefaultIoFilterChain.java:721)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNext=
MessageReceived(DefaultIoFilterChain.java:433)<br>=A0=A0=A0 at org.apache.m=
ina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.=
java:47)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImp=
l$1.messageReceived(DefaultIoFilterChain.java:801)<br>=A0=A0=A0 at org.apac=
he.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)<br>=A0=
=A0=A0 at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)<br>
=A0=A0=A0 at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Wo=
rker.runTask(UnorderedThreadPoolExecutor.java:480)<br>=A0=A0=A0 at org.apac=
he.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThr=
eadPoolExecutor.java:434)<br>
=A0=A0=A0 at java.lang.Thread.run(Thread.java:619)<br>[10:56:49] WARN [org.=
apache.directory.server.ldap.LdapProtocolHandler] - Null LdapSession given =
to cleanUpSession.<br>[10:57:16] DEBUG [org.apache.directory.server.kerbero=
s.protocol.KerberosProtocolHandler] - /<a href=3D"http://127.0.0.1:53911">1=
27.0.0.1:53911</a> CREATED:=A0 datagram<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosPro=
tocolHandler] - /<a href=3D"http://127.0.0.1:53911">127.0.0.1:53911</a> OPE=
NED<br>[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.Kerb=
erosProtocolHandler] - /<a href=3D"http://127.0.0.1:53911">127.0.0.1:53911<=
/a> RCVD:=A0 org.apache.directory.server.kerberos.shared.messages.KdcReques=
t@79429cb2<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Received Authentication Service (AS) request:<br>=
=A0=A0=A0 messageType:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 AS_REQ<br>=A0=A0=A0 pr=
otocolVersionNumber: 5<br>=A0=A0=A0 clientAddress:=A0=A0=A0=A0=A0=A0=A0=A0 =
127.0.0.1<br>
=A0=A0=A0 nonce:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 1265606836=
<br>=A0=A0=A0 kdcOptions:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <br>=A0=A0=A0 cl=
ientPrincipal:=A0=A0=A0=A0=A0=A0 <a href=3D"mailto:hnelson@WSO2.COM">hnelso=
n@WSO2.COM</a><br>=A0=A0=A0 serverPrincipal:=A0=A0=A0=A0=A0=A0 krbtgt/<a hr=
ef=3D"http://WSO2.COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a=
><br>
=A0=A0=A0 encryptionType:=A0=A0=A0=A0=A0=A0=A0 des3-cbc-sha1-kd (16), des-c=
bc-md5 (3), des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-=
sha1-96 (17), rc4-hmac (23)<br>=A0=A0=A0 realm:=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0 <a href=3D"http://WSO2.COM">WSO2.COM</a><br>
=A0=A0=A0 from time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 =
till time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 19700101000000Z<br>=A0=A0=A0=
 renew-till time:=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 hostAddresses:=A0=A0=
=A0=A0=A0=A0=A0=A0 null<br>[10:57:16] DEBUG [org.apache.directory.server.ke=
rberos.kdc.authentication.AuthenticationService] - Session will use encrypt=
ion type des-cbc-md5 (3).<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.shared.store.operati=
ons.StoreUtils] - Found entry ServerEntry<br>=A0=A0=A0 dn[n]: uid=3Dhnelson=
,ou=3DUsers,dc=3Dwso2,dc=3Dcom<br>=A0=A0=A0 objectClass: organizationalPers=
on<br>=A0=A0=A0 objectClass: person<br>
=A0=A0=A0 objectClass: krb5Principal<br>=A0=A0=A0 objectClass: inetOrgPerso=
n<br>=A0=A0=A0 objectClass: krb5KDCEntry<br>=A0=A0=A0 objectClass: top<br>=
=A0=A0=A0 uid: hnelson<br>=A0=A0=A0 cn: Horatio Nelson<br>=A0=A0=A0 sn: Nel=
son<br>=A0=A0=A0 userPassword: &#39;0x73 0x65 0x63 0x72 0x65 0x74 &#39;<br>
=A0=A0=A0 krb5KeyVersionNumber: 0<br>=A0=A0=A0 krb5Key: &#39;0x30 0x11 0xA0=
 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64 0xE9 0x2C 0x3B 0xCD ...&#39;<=
br>=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x0=
4 0x10 0x05 0x83 0x07 0xC8 0x4B ...&#39;<br>
=A0=A0=A0 krb5Key: &#39;0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0=
x20 0x83 0x68 0x81 0xC3 0x62 ...&#39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x21 =
0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x8C 0x52 0x4A 0x23 0xCE ...&#=
39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12=
 0x04 0x10 0x87 0x8D 0x80 0x14 0x60 ...&#39;<br>
=A0=A0=A0 krb5PrincipalName: <a href=3D"mailto:hnelson@WSO2.COM">hnelson@WS=
O2.COM</a><br>=A0for kerberos principal name <a href=3D"mailto:hnelson@WSO2=
.COM">hnelson@WSO2.COM</a><br>[10:57:16] DEBUG [org.apache.directory.server=
.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM s=
ubsystem.<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Verifying using encrypted timestamp.<br>[10:57:16] =
DEBUG [org.apache.directory.server.kerberos.kdc.authentication.Authenticati=
onService] - Entry for client principal <a href=3D"mailto:hnelson@WSO2.COM"=
>hnelson@WSO2.COM</a> has no SAM type.=A0 Proceeding with standard pre-auth=
entication.<br>
[10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProt=
ocolHandler] - Additional pre-authentication required (25)<br>org.apache.di=
rectory.server.kerberos.shared.exceptions.KerberosException: Additional pre=
-authentication required<br>
=A0=A0=A0 at org.apache.directory.server.kerberos.kdc.authentication.Authen=
ticationService.verifyEncryptedTimestamp(AuthenticationService.java:268)<br=
>=A0=A0=A0 at org.apache.directory.server.kerberos.kdc.authentication.Authe=
nticationService.execute(AuthenticationService.java:106)<br>
=A0=A0=A0 at org.apache.directory.server.kerberos.protocol.KerberosProtocol=
Handler.messageReceived(KerberosProtocolHandler.java:145)<br>=A0=A0=A0 at o=
rg.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageRece=
ived(DefaultIoFilterChain.java:721)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNext=
MessageReceived(DefaultIoFilterChain.java:433)<br>=A0=A0=A0 at org.apache.m=
ina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.=
java:47)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImp=
l$1.messageReceived(DefaultIoFilterChain.java:801)<br>=A0=A0=A0 at org.apac=
he.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(Pr=
otocolCodecFilter.java:375)<br>
=A0=A0=A0 at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceiv=
ed(ProtocolCodecFilter.java:229)<br>=A0=A0=A0 at org.apache.mina.core.filte=
rchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.ja=
va:433)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1=
200(DefaultIoFilterChain.java:47)<br>=A0=A0=A0 at org.apache.mina.core.filt=
erchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterCha=
in.java:801)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceiv=
ed(IoFilterAdapter.java:119)<br>=A0=A0=A0 at org.apache.mina.core.filtercha=
in.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:4=
33)<br>=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.f=
ireMessageReceived(DefaultIoFilterChain.java:425)<br>
=A0=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAc=
ceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)<br>=A0=
=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAccep=
tor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)<=
br>
=A0=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAc=
ceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)<br>=A0=
=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAccep=
tor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)<br>
=A0=A0=A0 at org.apache.mina.util.NamePreservingRunnable.run(NamePreserving=
Runnable.java:64)<br>=A0=A0=A0 at java.util.concurrent.ThreadPoolExecutor$W=
orker.runTask(ThreadPoolExecutor.java:886)<br>=A0=A0=A0 at java.util.concur=
rent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)<br>
=A0=A0=A0 at java.lang.Thread.run(Thread.java:619)<br>[10:57:16] DEBUG [org=
.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Respo=
nding to request with error:<br>=A0=A0=A0 explanatory text:=A0=A0=A0=A0=A0 =
Additional pre-authentication required<br>
=A0=A0=A0 error code:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 25<br>=A0=A0=A0 clie=
ntPrincipal:=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 client time:=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 serverPrincipal:=A0=A0=A0=A0=A0=A0 krb=
tgt/<a href=3D"http://EXAMPLE.COM">EXAMPLE.COM</a>@<a href=3D"http://EXAMPL=
E.COM">EXAMPLE.COM</a><br>
=A0=A0=A0 server time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 20100208052716Z<br>[10=
:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtoc=
olHandler] - /<a href=3D"http://127.0.0.1:53911">127.0.0.1:53911</a> SENT:=
=A0 org.apache.directory.server.kerberos.shared.messages.ErrorMessage@59c95=
8af<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosPro=
tocolHandler] - /<a href=3D"http://127.0.0.1:34535">127.0.0.1:34535</a> CRE=
ATED:=A0 datagram<br>[10:57:16] DEBUG [org.apache.directory.server.kerberos=
.protocol.KerberosProtocolHandler] - /<a href=3D"http://127.0.0.1:34535">12=
7.0.0.1:34535</a> OPENED<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosPro=
tocolHandler] - /<a href=3D"http://127.0.0.1:34535">127.0.0.1:34535</a> RCV=
D:=A0 org.apache.directory.server.kerberos.shared.messages.KdcRequest@42bd9=
3cd<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Received Authentication Service (AS) request:<br>=
=A0=A0=A0 messageType:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 AS_REQ<br>=A0=A0=A0 pr=
otocolVersionNumber: 5<br>=A0=A0=A0 clientAddress:=A0=A0=A0=A0=A0=A0=A0=A0 =
127.0.0.1<br>
=A0=A0=A0 nonce:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 1265606837=
<br>=A0=A0=A0 kdcOptions:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <br>=A0=A0=A0 cl=
ientPrincipal:=A0=A0=A0=A0=A0=A0 <a href=3D"mailto:hnelson@WSO2.COM">hnelso=
n@WSO2.COM</a><br>=A0=A0=A0 serverPrincipal:=A0=A0=A0=A0=A0=A0 krbtgt/<a hr=
ef=3D"http://WSO2.COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a=
><br>
=A0=A0=A0 encryptionType:=A0=A0=A0=A0=A0=A0=A0 des-cbc-md5 (3)<br>=A0=A0=A0=
 realm:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D"http://W=
SO2.COM">WSO2.COM</a><br>=A0=A0=A0 from time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 null<br>=A0=A0=A0 till time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 197=
00101000000Z<br>=A0=A0=A0 renew-till time:=A0=A0=A0=A0=A0=A0 null<br>
=A0=A0=A0 hostAddresses:=A0=A0=A0=A0=A0=A0=A0=A0 null<br>[10:57:16] DEBUG [=
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationServi=
ce] - Session will use encryption type des-cbc-md5 (3).<br>[10:57:16] DEBUG=
 [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] =
- Found entry ServerEntry<br>
=A0=A0=A0 dn[n]: uid=3Dhnelson,ou=3DUsers,dc=3Dwso2,dc=3Dcom<br>=A0=A0=A0 o=
bjectClass: organizationalPerson<br>=A0=A0=A0 objectClass: person<br>=A0=A0=
=A0 objectClass: krb5Principal<br>=A0=A0=A0 objectClass: inetOrgPerson<br>=
=A0=A0=A0 objectClass: krb5KDCEntry<br>=A0=A0=A0 objectClass: top<br>
=A0=A0=A0 uid: hnelson<br>=A0=A0=A0 cn: Horatio Nelson<br>=A0=A0=A0 sn: Nel=
son<br>=A0=A0=A0 userPassword: &#39;0x73 0x65 0x63 0x72 0x65 0x74 &#39;<br>=
=A0=A0=A0 krb5KeyVersionNumber: 0<br>=A0=A0=A0 krb5Key: &#39;0x30 0x11 0xA0=
 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x64 0xE9 0x2C 0x3B 0xCD ...&#39;<=
br>
=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0=
x10 0x05 0x83 0x07 0xC8 0x4B ...&#39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x29 =
0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0x83 0x68 0x81 0xC3 0x62 ...&#=
39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A=
 0x04 0x18 0x8C 0x52 0x4A 0x23 0xCE ...&#39;<br>
=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0=
x10 0x87 0x8D 0x80 0x14 0x60 ...&#39;<br>=A0=A0=A0 krb5PrincipalName: <a hr=
ef=3D"mailto:hnelson@WSO2.COM">hnelson@WSO2.COM</a><br>=A0for kerberos prin=
cipal name <a href=3D"mailto:hnelson@WSO2.COM">hnelson@WSO2.COM</a><br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Verifying using SAM subsystem.<br>[10:57:16] DEBUG =
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationServ=
ice] - Verifying using encrypted timestamp.<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Entry for client principal <a href=3D"mailto:hnelso=
n@WSO2.COM">hnelson@WSO2.COM</a> has no SAM type.=A0 Proceeding with standa=
rd pre-authentication.<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Pre-authentication by encrypted timestamp successfu=
l for <a href=3D"mailto:hnelson@WSO2.COM">hnelson@WSO2.COM</a>.<br>[10:57:1=
6] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.Stor=
eUtils] - Found entry ServerEntry<br>
=A0=A0=A0 dn[n]: uid=3Dkrbtgt,ou=3DUsers,dc=3Dwso2,dc=3Dcom<br>=A0=A0=A0 ob=
jectClass: organizationalPerson<br>=A0=A0=A0 objectClass: person<br>=A0=A0=
=A0 objectClass: krb5Principal<br>=A0=A0=A0 objectClass: inetOrgPerson<br>=
=A0=A0=A0 objectClass: krb5KDCEntry<br>=A0=A0=A0 objectClass: top<br>
=A0=A0=A0 uid: krbtgt<br>=A0=A0=A0 cn: KDC Service<br>=A0=A0=A0 sn: Service=
<br>=A0=A0=A0 userPassword: &#39;0x73 0x65 0x63 0x72 0x65 0x74 &#39;<br>=A0=
=A0=A0 krb5KeyVersionNumber: 0<br>=A0=A0=A0 krb5Key: &#39;0x30 0x11 0xA0 0x=
03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x5E 0x3D 0x94 0x40 0xF2 ...&#39;<br>
=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0=
x10 0xF3 0x35 0xE9 0x1E 0x37 ...&#39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x29 =
0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xD0 0x01 0xFE 0x00 0xFB ...&#=
39;<br>=A0=A0=A0 krb5Key: &#39;0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A=
 0x04 0x18 0xBF 0x1C 0x92 0x7A 0xDA ...&#39;<br>
=A0=A0=A0 krb5Key: &#39;0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0=
x10 0x87 0x8D 0x80 0x14 0x60 ...&#39;<br>=A0=A0=A0 krb5PrincipalName: krbtg=
t/<a href=3D"http://WSO2.COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2=
.COM</a><br>
=A0for kerberos principal name krbtgt/<a href=3D"http://WSO2.COM">WSO2.COM<=
/a>@<a href=3D"http://WSO2.COM">WSO2.COM</a><br>[10:57:16] DEBUG [org.apach=
e.directory.server.kerberos.kdc.authentication.AuthenticationService] - Tic=
ket will be issued for access to krbtgt/<a href=3D"http://WSO2.COM">WSO2.CO=
M</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a>.<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Monitoring Authentication Service (AS) context:<br>=
=A0=A0=A0 clockSkew=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 300000<br>=A0=A0=
=A0 clientAddress=A0=A0=A0=A0=A0=A0=A0=A0=A0 /<a href=3D"http://127.0.0.1">=
127.0.0.1</a><br>
=A0=A0=A0 principal=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D"mailt=
o:hnelson@WSO2.COM">hnelson@WSO2.COM</a><br>=A0=A0=A0 cn=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 realm=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 principal=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D"mailto:hnelson@WSO2.COM">hn=
elson@WSO2.COM</a><br>
=A0=A0=A0 SAM type=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=
=A0 principal=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 krbtgt/<a href=3D"http=
://WSO2.COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a><br>=A0=
=A0=A0 cn=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<=
br>=A0=A0=A0 realm=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<=
br>=A0=A0=A0 principal=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 krbtgt/<a hre=
f=3D"http://WSO2.COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a>=
<br>
=A0=A0=A0 SAM type=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=
=A0 Request key type=A0=A0=A0=A0=A0=A0 des-cbc-md5 (3)<br>=A0=A0=A0 Client =
key version=A0=A0=A0=A0 0<br>=A0=A0=A0 Server key version=A0=A0=A0=A0 0<br>=
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.A=
uthenticationService] - Responding with Authentication Service (AS) reply:<=
br>
=A0=A0=A0 messageType:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 AS_REP<br>=A0=A0=A0 pr=
otocolVersionNumber: 5<br>=A0=A0=A0 nonce:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0 1265606837<br>=A0=A0=A0 clientPrincipal:=A0=A0=A0=A0=A0=A0 =
<a href=3D"mailto:hnelson@WSO2.COM">hnelson@WSO2.COM</a><br>=A0=A0=A0 clien=
t realm:=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D"http://WSO2.COM">WSO2.COM</a=
><br>
=A0=A0=A0 serverPrincipal:=A0=A0=A0=A0=A0=A0 krbtgt/<a href=3D"http://WSO2.=
COM">WSO2.COM</a>@<a href=3D"http://WSO2.COM">WSO2.COM</a><br>=A0=A0=A0 ser=
ver realm:=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D"http://WSO2.COM">WSO2.COM<=
/a><br>=A0=A0=A0 auth time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 20100208052=
716Z<br>
=A0=A0=A0 start time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 en=
d time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 20100209052716Z<br>=A0=A0=A0=
 renew-till time:=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 hostAddresses:=A0=A0=
=A0=A0=A0=A0=A0=A0 null<br>[10:57:16] DEBUG [org.apache.directory.server.ke=
rberos.protocol.KerberosProtocolHandler] - /<a href=3D"http://127.0.0.1:345=
35">127.0.0.1:34535</a> SENT:=A0 org.apache.directory.server.kerberos.share=
d.messages.AuthenticationReply@7f9480b8<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosPro=
tocolHandler] - /<a href=3D"http://127.0.0.1:50621">127.0.0.1:50621</a> CRE=
ATED:=A0 datagram<br>[10:57:16] DEBUG [org.apache.directory.server.kerberos=
.protocol.KerberosProtocolHandler] - /<a href=3D"http://127.0.0.1:50621">12=
7.0.0.1:50621</a> OPENED<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosPro=
tocolHandler] - /<a href=3D"http://127.0.0.1:50621">127.0.0.1:50621</a> RCV=
D:=A0 org.apache.directory.server.kerberos.shared.messages.KdcRequest@6e8ef=
177<br>
[10:57:16] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.Tick=
etGrantingService] - Received Ticket-Granting Service (TGS) request:<br>=A0=
=A0=A0 messageType:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 TGS_REQ<br>=A0=A0=A0 prot=
ocolVersionNumber: 5<br>=A0=A0=A0 clientAddress:=A0=A0=A0=A0=A0=A0=A0=A0 12=
7.0.0.1<br>
=A0=A0=A0 nonce:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 1265606838=
<br>=A0=A0=A0 kdcOptions:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <br>=A0=A0=A0 cl=
ientPrincipal:=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 serverPrincipal:=A0=A0=
=A0=A0=A0=A0 ldap/<a href=3D"mailto:localhost@WSO2.COM">localhost@WSO2.COM<=
/a><br>=A0=A0=A0 encryptionType:=A0=A0=A0=A0=A0=A0=A0 des3-cbc-sha1-kd (16)=
, des-cbc-md5 (3), des-cbc-crc (1), aes256-cts-hmac-sha1-96 (18), aes128-ct=
s-hmac-sha1-96 (17), rc4-hmac (23)<br>
=A0=A0=A0 realm:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 <a href=3D=
"http://WSO2.COM">WSO2.COM</a><br>=A0=A0=A0 from time:=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 till time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 19700101000000Z<br>=A0=A0=A0 renew-till time:=A0=A0=A0=A0=A0=A0 null=
<br>=A0=A0=A0 hostAddresses:=A0=A0=A0=A0=A0=A0=A0=A0 null<br>[10:57:16] DEB=
UG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingServ=
ice] - Session will use encryption type des-cbc-md5 (3).<br>
[10:57:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProt=
ocolHandler] - The ticket isn&#39;t for us (35)<br>org.apache.directory.ser=
ver.kerberos.shared.exceptions.KerberosException: The ticket isn&#39;t for =
us<br>
=A0=A0=A0 at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGra=
ntingService.verifyTgt(TicketGrantingService.java:232)<br>=A0=A0=A0 at org.=
apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.exec=
ute(TicketGrantingService.java:99)<br>
=A0=A0=A0 at org.apache.directory.server.kerberos.protocol.KerberosProtocol=
Handler.messageReceived(KerberosProtocolHandler.java:158)<br>=A0=A0=A0 at o=
rg.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageRece=
ived(DefaultIoFilterChain.java:721)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNext=
MessageReceived(DefaultIoFilterChain.java:433)<br>=A0=A0=A0 at org.apache.m=
ina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.=
java:47)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImp=
l$1.messageReceived(DefaultIoFilterChain.java:801)<br>=A0=A0=A0 at org.apac=
he.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(Pr=
otocolCodecFilter.java:375)<br>
=A0=A0=A0 at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceiv=
ed(ProtocolCodecFilter.java:229)<br>=A0=A0=A0 at org.apache.mina.core.filte=
rchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.ja=
va:433)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1=
200(DefaultIoFilterChain.java:47)<br>=A0=A0=A0 at org.apache.mina.core.filt=
erchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterCha=
in.java:801)<br>
=A0=A0=A0 at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceiv=
ed(IoFilterAdapter.java:119)<br>=A0=A0=A0 at org.apache.mina.core.filtercha=
in.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:4=
33)<br>=A0=A0=A0 at org.apache.mina.core.filterchain.DefaultIoFilterChain.f=
ireMessageReceived(DefaultIoFilterChain.java:425)<br>
=A0=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAc=
ceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)<br>=A0=
=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAccep=
tor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)<=
br>
=A0=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAc=
ceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)<br>=A0=
=A0=A0 at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAccep=
tor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)<br>
=A0=A0=A0 at org.apache.mina.util.NamePreservingRunnable.run(NamePreserving=
Runnable.java:64)<br>=A0=A0=A0 at java.util.concurrent.ThreadPoolExecutor$W=
orker.runTask(ThreadPoolExecutor.java:886)<br>=A0=A0=A0 at java.util.concur=
rent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)<br>
=A0=A0=A0 at java.lang.Thread.run(Thread.java:619)<br>[10:57:16] DEBUG [org=
.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Respo=
nding to request with error:<br>=A0=A0=A0 explanatory text:=A0=A0=A0=A0=A0 =
The ticket isn&#39;t for us<br>
=A0=A0=A0 error code:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 35<br>=A0=A0=A0 clie=
ntPrincipal:=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 client time:=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0 null<br>=A0=A0=A0 serverPrincipal:=A0=A0=A0=A0=A0=A0 krb=
tgt/<a href=3D"http://EXAMPLE.COM">EXAMPLE.COM</a>@<a href=3D"http://EXAMPL=
E.COM">EXAMPLE.COM</a><br>
=A0=A0=A0 server time:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 20100208052716Z<br>[10=
:57:16] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtoc=
olHandler] - /<a href=3D"http://127.0.0.1:50621">127.0.0.1:50621</a> SENT:=
=A0 org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63a6b=
16f<br>
<br>1. [10:57:16] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationServ=
ice]
- Entry for client principal <a href=3D"mailto:hnelson@WSO2.COM">hnelson@WS=
O2.COM</a> has no SAM type.=A0
Proceeding with standard pre-authentication.<br><br>what is SAM type?<br><b=
r>2. [10:57:16] WARN [org.apache.directory.server.kerberos.protocol.Kerbero=
sProtocolHandler] - The ticket isn&#39;t for us (35)<br>
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: T=
he ticket isn&#39;t for us<br><br>It seems that server try to check it with=
 the  krbtgt/<a href=3D"http://EXAMPLE.COM">EXAMPLE.COM</a>@<a href=3D"http=
://EXAMPLE.COM">EXAMPLE.COM</a>. I am not sure how it came from?<br>
<br>3. How ApacheDS search for the client and server principles?<br><br><br=
><br>thanks,<br>Amila.<br><br><br></div><blockquote class=3D"gmail_quote" s=
tyle=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8e=
x; padding-left: 1ex;">

<br>
Kind Regards,<br><font color=3D"#888888">
Stefan<br>
<br>
</font></blockquote></div><br><br clear=3D"all"><br>-- <br>Amila Suriarachc=
hi<br>WSO2 Inc.<br>blog: <a href=3D"http://amilachinthaka.blogspot.com/">ht=
tp://amilachinthaka.blogspot.com/</a><br>

--001636e907d0f2f50a047f103c0f--

--001636e907d0f2f510047f103c11
Content-Type: text/xml; charset=US-ASCII; name="server.xml"
Content-Disposition: attachment; filename="server.xml"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g5etudfy0

PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLQogIExpY2Vuc2VkIHRv
IHRoZSBBcGFjaGUgU29mdHdhcmUgRm91bmRhdGlvbiAoQVNGKSB1bmRlciBvbmUKICBvciBtb3Jl
IGNvbnRyaWJ1dG9yIGxpY2Vuc2UgYWdyZWVtZW50cy4gIFNlZSB0aGUgTk9USUNFIGZpbGUKICBk
aXN0cmlidXRlZCB3aXRoIHRoaXMgd29yayBmb3IgYWRkaXRpb25hbCBpbmZvcm1hdGlvbgogIHJl
Z2FyZGluZyBjb3B5cmlnaHQgb3duZXJzaGlwLiAgVGhlIEFTRiBsaWNlbnNlcyB0aGlzIGZpbGUK
ICB0byB5b3UgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlCiAgIkxp
Y2Vuc2UiKTsgeW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZQog
IHdpdGggdGhlIExpY2Vuc2UuICBZb3UgbWF5IG9idGFpbiBhIGNvcHkgb2YgdGhlIExpY2Vuc2Ug
YXQKCiAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCgogIFVubGVz
cyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywKICBz
b2Z0d2FyZSBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBh
bgogICJBUyBJUyIgQkFTSVMsIFdJVEhPVVQgV0FSUkFOVElFUyBPUiBDT05ESVRJT05TIE9GIEFO
WQogIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuICBTZWUgdGhlIExpY2Vuc2UgZm9y
IHRoZQogIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9ucyBhbmQgbGltaXRh
dGlvbnMKICB1bmRlciB0aGUgTGljZW5zZS4KLS0+CjxzcHJpbmc6YmVhbnMgeG1sbnM9Imh0dHA6
Ly9hcGFjaGVkcy5vcmcvY29uZmlnLzEuNS41IiB4bWxuczpzcHJpbmc9Imh0dHA6Ly94YmVhbi5h
cGFjaGUub3JnL3NjaGVtYXMvc3ByaW5nLzEuMCIgeG1sbnM6cz0iaHR0cDovL3d3dy5zcHJpbmdm
cmFtZXdvcmsub3JnL3NjaGVtYS9iZWFucyI+CgogIDxkZWZhdWx0RGlyZWN0b3J5U2VydmljZSBp
ZD0iZGlyZWN0b3J5U2VydmljZSIgaW5zdGFuY2VJZD0iZGVmYXVsdCIgcmVwbGljYUlkPSIxIiB3
b3JraW5nRGlyZWN0b3J5PSJkaXJlY3RvcnkiIGFsbG93QW5vbnltb3VzQWNjZXNzPSJ0cnVlIiBh
Y2Nlc3NDb250cm9sRW5hYmxlZD0iZmFsc2UiIGRlbm9ybWFsaXplT3BBdHRyc0VuYWJsZWQ9ImZh
bHNlIiBzeW5jUGVyaW9kTWlsbGlzPSIxNTAwMCIgbWF4UERVU2l6ZT0iMjAwMDAwMCI+CiAgICA8
c3lzdGVtUGFydGl0aW9uPgogICAgICA8IS0tIHVzZSB0aGUgZm9sbG93aW5nIHBhcnRpdGlvbkNv
bmZpZ3VyYXRpb24gdG8gb3ZlcnJpZGUgZGVmYXVsdHMgZm9yIC0tPgogICAgICA8IS0tIHRoZSBz
eXN0ZW0gcGFydGl0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIC0tPgogICAgICA8amRibVBhcnRpdGlvbiBpZD0ic3lzdGVtIiBjYWNoZVNpemU9IjEwMCIg
c3VmZml4PSJvdT1zeXN0ZW0iIG9wdGltaXplckVuYWJsZWQ9InRydWUiIHN5bmNPbldyaXRlPSJ0
cnVlIj4KICAgICAgICA8aW5kZXhlZEF0dHJpYnV0ZXM+CiAgICAgICAgICA8amRibUluZGV4IGF0
dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjEiIGNhY2hlU2l6ZT0iMTAwIi8+
CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQu
MS4yLjIiIGNhY2hlU2l6ZT0iMTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlk
PSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjMiIGNhY2hlU2l6ZT0iMTAwIi8+CiAgICAgICAg
ICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjQiIGNh
Y2hlU2l6ZT0iMTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4x
LjQuMS4xODA2MC4wLjQuMS4yLjUiIGNhY2hlU2l6ZT0iMTAiLz4KICAgICAgICAgIDxqZGJtSW5k
ZXggYXR0cmlidXRlSWQ9IjEuMy42LjEuNC4xLjE4MDYwLjAuNC4xLjIuNiIgY2FjaGVTaXplPSIx
MCIvPgogICAgICAgICAgPGpkYm1JbmRleCBhdHRyaWJ1dGVJZD0iMS4zLjYuMS40LjEuMTgwNjAu
MC40LjEuMi43IiBjYWNoZVNpemU9IjEwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0
ZUlkPSJvdSIgY2FjaGVTaXplPSIxMDAiLz4KICAgICAgICAgIDxqZGJtSW5kZXggYXR0cmlidXRl
SWQ9InVpZCIgY2FjaGVTaXplPSIxMDAiLz4KICAgICAgICAgIDxqZGJtSW5kZXggYXR0cmlidXRl
SWQ9Im9iamVjdENsYXNzIiBjYWNoZVNpemU9IjEwMCIvPgogICAgICAgIDwvaW5kZXhlZEF0dHJp
YnV0ZXM+CiAgICAgIDwvamRibVBhcnRpdGlvbj4KICAgIDwvc3lzdGVtUGFydGl0aW9uPgoKICAg
IDxwYXJ0aXRpb25zPgogICAgICA8IS0tIE5PVEU6IHdoZW4gc3BlY2lmeWluZyBuZXcgcGFydGl0
aW9ucyB5b3UgbmVlZCBub3QgaW5jbHVkZSB0aG9zZSAgIC0tPgogICAgICA8IS0tIGF0dHJpYnV0
ZXMgYmVsb3cgd2l0aCBPSUQncyB3aGljaCBhcmUgdGhlIHN5c3RlbSBpbmRpY2VzLCBpZiBsZWZ0
IC0tPgogICAgICA8IS0tIG91dCB0aGV5IHdpbGwgYmUgYXV0b21hdGljYWxseSBjb25maWd1cmVk
IGZvciB5b3Ugd2l0aCBkZWZhdWx0cy4gIC0tPgogICAgICA8amRibVBhcnRpdGlvbiBpZD0id3Nv
MiIgY2FjaGVTaXplPSIxMDAiIHN1ZmZpeD0iZGM9d3NvMixkYz1jb20iIG9wdGltaXplckVuYWJs
ZWQ9InRydWUiIHN5bmNPbldyaXRlPSJ0cnVlIj4KICAgICAgICA8aW5kZXhlZEF0dHJpYnV0ZXM+
CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQu
MS4yLjEiIGNhY2hlU2l6ZT0iMTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlk
PSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjIiIGNhY2hlU2l6ZT0iMTAwIi8+CiAgICAgICAg
ICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjMiIGNh
Y2hlU2l6ZT0iMTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4x
LjQuMS4xODA2MC4wLjQuMS4yLjQiIGNhY2hlU2l6ZT0iMTAwIi8+CiAgICAgICAgICA8amRibUlu
ZGV4IGF0dHJpYnV0ZUlkPSIxLjMuNi4xLjQuMS4xODA2MC4wLjQuMS4yLjUiIGNhY2hlU2l6ZT0i
MTAiLz4KICAgICAgICAgIDxqZGJtSW5kZXggYXR0cmlidXRlSWQ9IjEuMy42LjEuNC4xLjE4MDYw
LjAuNC4xLjIuNiIgY2FjaGVTaXplPSIxMCIvPgogICAgICAgICAgPGpkYm1JbmRleCBhdHRyaWJ1
dGVJZD0iMS4zLjYuMS40LjEuMTgwNjAuMC40LjEuMi43IiBjYWNoZVNpemU9IjEwIi8+CiAgICAg
ICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSJkYyIgY2FjaGVTaXplPSIxMDAiLz4KICAgICAg
ICAgIDxqZGJtSW5kZXggYXR0cmlidXRlSWQ9Im91IiBjYWNoZVNpemU9IjEwMCIvPgogICAgICAg
ICAgPGpkYm1JbmRleCBhdHRyaWJ1dGVJZD0ia3JiNVByaW5jaXBhbE5hbWUiIGNhY2hlU2l6ZT0i
MTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSJ1aWQiIGNhY2hlU2l6ZT0i
MTAwIi8+CiAgICAgICAgICA8amRibUluZGV4IGF0dHJpYnV0ZUlkPSJvYmplY3RDbGFzcyIgY2Fj
aGVTaXplPSIxMDAiLz4KICAgICAgICA8L2luZGV4ZWRBdHRyaWJ1dGVzPgogICAgICA8L2pkYm1Q
YXJ0aXRpb24+CiAgICA8L3BhcnRpdGlvbnM+CgogICAgPGludGVyY2VwdG9ycz4KICAgICAgPG5v
cm1hbGl6YXRpb25JbnRlcmNlcHRvci8+CiAgICAgIDxhdXRoZW50aWNhdGlvbkludGVyY2VwdG9y
Lz4KICAgICAgPHJlZmVycmFsSW50ZXJjZXB0b3IvPgogICAgICA8YWNpQXV0aG9yaXphdGlvbklu
dGVyY2VwdG9yLz4KICAgICAgPGRlZmF1bHRBdXRob3JpemF0aW9uSW50ZXJjZXB0b3IvPgogICAg
ICA8ZXhjZXB0aW9uSW50ZXJjZXB0b3IvPgogICAgICA8b3BlcmF0aW9uYWxBdHRyaWJ1dGVJbnRl
cmNlcHRvci8+CgogICAgICA8IS0tIFVuY29tbWVudCB0byBlbmFibGUgdGhlIHBhc3N3b3JkIHBv
bGljeSBpbnRlcmNlcHRvcgogICAgICA8cGFzc3dvcmRQb2xpY3lJbnRlcmNlcHRvci8+CiAgICAg
IC0tPgogICAgICA8a2V5RGVyaXZhdGlvbkludGVyY2VwdG9yLz4KCiAgICAgIDxzY2hlbWFJbnRl
cmNlcHRvci8+CiAgICAgIDxzdWJlbnRyeUludGVyY2VwdG9yLz4KICAgICAgPGNvbGxlY3RpdmVB
dHRyaWJ1dGVJbnRlcmNlcHRvci8+CiAgICAgIDxldmVudEludGVyY2VwdG9yLz4KICAgICAgPHRy
aWdnZXJJbnRlcmNlcHRvci8+CgogICAgICA8IS0tIFVuY29tbWVudCB0byBlbmFibGUgcmVwbGlj
YXRpb24gaW50ZXJjZXB0b3IKICAgICAgPHJlcGxpY2F0aW9uSW50ZXJjZXB0b3I+CiAgICAgICAg
PGNvbmZpZ3VyYXRpb24+CiAgICAgICAgICA8cmVwbGljYXRpb25Db25maWd1cmF0aW9uIHNlcnZl
clBvcnQ9IjEwMzkwIiBwZWVyUmVwbGljYXM9Imluc3RhbmNlX2JAbG9jYWxob3N0OjEwMzkyIj4K
ICAgICAgICAgICAgPHJlcGxpY2FJZD4KICAgICAgICAgICAgICA8cmVwbGljYUlkIGlkPSJpbnN0
YW5jZV9hIi8+CiAgICAgICAgICAgIDwvcmVwbGljYUlkPgogICAgICAgICAgPC9yZXBsaWNhdGlv
bkNvbmZpZ3VyYXRpb24+CiAgICAgICAgPC9jb25maWd1cmF0aW9uPgogICAgICA8L3JlcGxpY2F0
aW9uSW50ZXJjZXB0b3I+CiAgICAgIC0tPgogICAgPC9pbnRlcmNlcHRvcnM+CgogICAgPCEtLSBV
bmNvbW1lbnQgdG8gZW5hYmxlIHJlcGxpY2F0aW9uIGNvbmZpZ3VyYXRpb24gLS0+CiAgICA8IS0t
cmVwbGljYXRpb25Db25maWd1cmF0aW9uPgogICAgICA8cHJvdmlkZXJzPgogICAgICAgIDxwcm92
aWRlciBpZD0iMSB0eXBlPSJyZWZyZXNoQW5kUGVyc2lzdCIgdGltZUxpbWl0PSIxMDAwIiBzaXpl
TGltaXQ9IjEwMDAiPgogICAgICAgICAgPHVybD4KICAgICAgICAgICAgbGRhcDovL2xkYXAxLmFj
bWUuY29tOjEwMzg5L291PWRhdGEsZGM9YWNtZSxkYz1jb20/KiwgKz9zdWI/KG9iamVjdENsYXNz
PSopCiAgICAgICAgICA8L3VybD4KICAgICAgICAgIDxjb25uZWN0aW9uIGJpbmRNZXRob2Q9InNp
bXBsZSI+CiAgICAgICAgICAgIDxwcmluY2lwYWw+IAogICAgICAgICAgICAgIHVpZD1hZG1pbixv
dT1zeXN0ZW0gCiAgICAgICAgICAgIDwvcHJpbmNpcGFsPiAKICAgICAgICAgICAgPGNyZWRlbnRp
YWxzPnNlY3JldDwvY3JlZGVudGlhbHM+CiAgICAgICAgICA8L2JpbmQ+CiAgICAgICAgPC9wcm92
aWRlcj4KICAgICAgICA8cHJvdmlkZXIgaWQ9IjIgdHlwZT0icmVmcmVzaEFuZFBlcnNpc3QiIHRp
bWVMaW1pdD0iMTAwMCIgc2l6ZUxpbWl0PSIxMDAwIj4KICAgICAgICAgIDx1cmw+CiAgICAgICAg
ICAgIGxkYXBzOi8vbGRhcDIuYWNtZS5jb206MTAzODkvb3U9ZGF0YSxkYz1hY21lLGRjPWNvbT8q
LCArP3N1Yj8ob2JqZWN0Q2xhc3M9KikKICAgICAgICAgIDwvdXJsPgogICAgICAgICAgPGNvbm5l
Y3Rpb24gYmluZE1ldGhvZD0ic2ltcGxlIj4KICAgICAgICAgICAgPHByaW5jaXBhbD4gCiAgICAg
ICAgICAgICAgdWlkPWFkbWluLG91PXN5c3RlbSAKICAgICAgICAgICAgPC9wcmluY2lwYWw+IAog
ICAgICAgICAgICA8Y3JlZGVudGlhbHM+c2VjcmV0PC9jcmVkZW50aWFscz4KICAgICAgICAgIDwv
YmluZD4KICAgICAgICA8L3Byb3ZpZGVyPgogICAgICA8L3Byb3ZpZGVycz4KICAgIDwvcmVwbGlj
YXRpb25Db25maWd1cmF0aW9uLS0+CgogIDwvZGVmYXVsdERpcmVjdG9yeVNlcnZpY2U+CgoKICA8
IS0tIAogICs9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT0rCiAgfCBDaGFuZ2VQYXNzd29yZCBzZXJ2ZXIgY29uZmlndXJhdGlvbiAgICAg
ICAgICAgICAgICAgICAgICAgIHwKICArPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09KwogIC0tPgogIDwhLS0gIG1pc3NpbmcgIGF0b3U9
dXNlcnMsZGM9ZXhhbXBsZSxkYz1jb20KICA8Y2hhbmdlUGFzc3dvcmRTZXJ2ZXIgaWQ9ImNoYW5n
ZVBhc3N3b3JkU2VydmVyIj4KICAgIDx0cmFuc3BvcnRzPgogICAgICA8dGNwVHJhbnNwb3J0IHBv
cnQ9IjYwNDY0IiBuYlRocmVhZHM9IjIiIGJhY2tMb2c9IjUwIi8+CiAgICAgIDx1ZHBUcmFuc3Bv
cnQgcG9ydD0iNjA0NjQiIG5iVGhyZWFkcz0iMiIgYmFja0xvZz0iNTAiLz4KICAgIDwvdHJhbnNw
b3J0cz4KICAgIDxkaXJlY3RvcnlTZXJ2aWNlPiNkaXJlY3RvcnlTZXJ2aWNlPC9kaXJlY3RvcnlT
ZXJ2aWNlPgogIDwvY2hhbmdlUGFzc3dvcmRTZXJ2ZXI+CiAgLS0+CgogIDwhLS0gCiAgKz09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PSsK
ICB8IEtlcmJlcm9zIHNlcnZlciBjb25maWd1cmF0aW9uICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfAogICs9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT0rCiAgLS0+CiAgPCEtLSAgbWlzc2luZyBhdG91PXVzZXJzLGRjPWV4YW1w
bGUsZGM9Y29tIC0tPgogIDxrZGNTZXJ2ZXIgaWQ9ImtkY1NlcnZlciIgc2VhcmNoQmFzZURuPSJv
dT1Vc2VycyxkYz13c28yLGRjPWNvbSIgPgogICAgPHRyYW5zcG9ydHM+CiAgICAgIDx0Y3BUcmFu
c3BvcnQgcG9ydD0iNjAwODgiIG5iVGhyZWFkcz0iNCIgYmFja0xvZz0iNTAiLz4KICAgICAgPHVk
cFRyYW5zcG9ydCBwb3J0PSI2MDA4OCIgbmJUaHJlYWRzPSI0IiBiYWNrTG9nPSI1MCIvPgogICAg
PC90cmFuc3BvcnRzPgogICAgPGRpcmVjdG9yeVNlcnZpY2U+I2RpcmVjdG9yeVNlcnZpY2U8L2Rp
cmVjdG9yeVNlcnZpY2U+CiAgPC9rZGNTZXJ2ZXI+CgogIDwhLS0gCiAgKz09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PSsKICB8IE50cFNl
cnZlciBjb25maWd1cmF0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfAog
ICs9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT0rCiAgLS0+CiAgPCEtLW50cFNlcnZlcj4KICAgIDx0cmFuc3BvcnRzPgogICAgICA8dGNw
VHJhbnNwb3J0IHBvcnQ9IjYwMTIzIi8+CiAgICAgIDx1ZHBUcmFuc3BvcnQgcG9ydD0iNjAxMjMi
IG5iVGhyZWFkcz0iMSIvPgogICAgPC90cmFuc3BvcnRzPgogIDwvbnRwU2VydmVyLS0+CgogIDwh
LS0gCiAgKz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PSsKICB8IERuc1NlcnZlciBjb25maWd1cmF0aW9uICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfAogICs9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT0rCiAgLS0+CiAgPCEtLSAgbWlzc2luZyBhdG91PXVz
ZXJzLGRjPWV4YW1wbGUsZGM9Y29tCiAgPGRuc1NlcnZlcj4KICAgIDx0cmFuc3BvcnRzPgogICAg
ICA8dGNwVHJhbnNwb3J0IHBvcnQ9IjgwNTMiLz4KICAgICAgPHVkcFRyYW5zcG9ydCBwb3J0PSI4
MDUzIi8+CiAgICA8L3RyYW5zcG9ydHM+CiAgICA8ZGlyZWN0b3J5U2VydmljZT4jZGlyZWN0b3J5
U2VydmljZTwvZGlyZWN0b3J5U2VydmljZT4KICA8L2Ruc1NlcnZlcj4KLS0+CgogIDwhLS0gCiAg
Kz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PSsKICB8IExEQVAgU2VydmljZSBjb25maWd1cmF0aW9uICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgfAogICs9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT0rCiAgLS0+CiAgCiAgPGxkYXBTZXJ2ZXIgaWQ9ImxkYXBTZXJ2
ZXIiIGFsbG93QW5vbnltb3VzQWNjZXNzPSJmYWxzZSIgc2FzbEhvc3Q9ImxvY2FsaG9zdCIgc2Fz
bFByaW5jaXBhbD0ibGRhcC9sb2NhbGhvc3RAV1NPMi5DT00iIHNlYXJjaEJhc2VEbj0ib3U9VXNl
cnMsZGM9d3NvMixkYz1jb20iICBtYXhUaW1lTGltaXQ9IjE1MDAwIiBtYXhTaXplTGltaXQ9IjEw
MDAiPgogICAgPHRyYW5zcG9ydHM+CiAgICAgIDx0Y3BUcmFuc3BvcnQgYWRkcmVzcz0iMC4wLjAu
MCIgcG9ydD0iMTAzODkiIG5iVGhyZWFkcz0iOCIgYmFja0xvZz0iNTAiIGVuYWJsZVNTTD0iZmFs
c2UiLz4KICAgICAgPHRjcFRyYW5zcG9ydCBhZGRyZXNzPSJsb2NhbGhvc3QiIHBvcnQ9IjEwNjg2
IiBlbmFibGVTU0w9InRydWUiLz4KICAgIDwvdHJhbnNwb3J0cz4KCiAgICA8ZGlyZWN0b3J5U2Vy
dmljZT4jZGlyZWN0b3J5U2VydmljZTwvZGlyZWN0b3J5U2VydmljZT4KCiAgICA8IS0tIFRoZSBs
aXN0IG9mIHN1cHBvcnRlZCBhdXRoZW50aWNhdGlvbiBtZWNoYW5pc21zLiAgICAgICAgICAgICAg
ICAgICAtLT4KICAgIDxzYXNsTWVjaGFuaXNtSGFuZGxlcnM+CiAgICAgIDxzaW1wbGVNZWNoYW5p
c21IYW5kbGVyIG1lY2gtbmFtZT0iU0lNUExFIi8+CiAgICAgIDxjcmFtTWQ1TWVjaGFuaXNtSGFu
ZGxlciBtZWNoLW5hbWU9IkNSQU0tTUQ1Ii8+CiAgICAgIDxkaWdlc3RNZDVNZWNoYW5pc21IYW5k
bGVyIG1lY2gtbmFtZT0iRElHRVNULU1ENSIvPgogICAgICA8Z3NzYXBpTWVjaGFuaXNtSGFuZGxl
ciBtZWNoLW5hbWU9IkdTU0FQSSIvPgogICAgICA8bnRsbU1lY2hhbmlzbUhhbmRsZXIgbWVjaC1u
YW1lPSJOVExNIiBudGxtUHJvdmlkZXJGcWNuPSJjb20uZm9vLkJhciIvPgogICAgICA8bnRsbU1l
Y2hhbmlzbUhhbmRsZXIgbWVjaC1uYW1lPSJHU1MtU1BORUdPIiBudGxtUHJvdmlkZXJGcWNuPSJj
b20uZm9vLkJhciIvPgogICAgPC9zYXNsTWVjaGFuaXNtSGFuZGxlcnM+CgogICAgPCEtLSBUaGUg
cmVhbG1zIHNlcnZpY2VkIGJ5IHRoaXMgU0FTTCBob3N0LCB1c2VkIGJ5IERJR0VTVC1NRDUgYW5k
IEdTU0FQSS4gLS0+CiAgICA8c2FzbFJlYWxtcz4KICAgICAgPHM6dmFsdWU+d3NvMi5jb208L3M6
dmFsdWU+CiAgICAgIDxzOnZhbHVlPmFwYWNoZS5vcmc8L3M6dmFsdWU+CiAgICA8L3Nhc2xSZWFs
bXM+CgogICAgPCEtLSB0aGUgY29sbGVjdGlvbiBvZiBleHRlbmRlZCBvcGVyYXRpb24gaGFuZGxl
cnMgdG8gaW5zdGFsbCAgICAgICAgICAgLS0+CiAgICA8ZXh0ZW5kZWRPcGVyYXRpb25IYW5kbGVy
cz4KICAgICAgPHN0YXJ0VGxzSGFuZGxlci8+CiAgICAgIDxncmFjZWZ1bFNodXRkb3duSGFuZGxl
ci8+CiAgICAgIDxsYXVuY2hEaWFnbm9zdGljVWlIYW5kbGVyLz4KICAgICAgPCEtLSBUaGUgU3Rv
cmVkIFByb2NlZHVyZSBFeHRlbmRlZCBPcGVyYXRpb24gaXMgbm90IHN0YWJsZSB5ZXQgYW5kIGl0
IG1heSBjYXVzZSBzZWN1cml0eSByaXNrcy4tLT4KICAgICAgPCEtLXN0b3JlZFByb2NlZHVyZUV4
dGVuZGVkT3BlcmF0aW9uSGFuZGxlci8tLT4KICAgIDwvZXh0ZW5kZWRPcGVyYXRpb25IYW5kbGVy
cz4KICA8L2xkYXBTZXJ2ZXI+CgogIDxhcGFjaGVEUyBpZD0iYXBhY2hlRFMiPgogICAgPGxkYXBT
ZXJ2ZXI+I2xkYXBTZXJ2ZXI8L2xkYXBTZXJ2ZXI+CiAgPC9hcGFjaGVEUz4KPC9zcHJpbmc6YmVh
bnM+Cg==
--001636e907d0f2f510047f103c11
Content-Type: text/x-ldif; charset=US-ASCII; name="wso2-kdc-data.ldif"
Content-Disposition: attachment; filename="wso2-kdc-data.ldif"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g5etuls21

ZG46IGRjPXdzbzIsZGM9Y29tCm9iamVjdENsYXNzOiBkY09iamVjdApvYmplY3RDbGFzczogb3Jn
YW5pemF0aW9uCm9iamVjdENsYXNzOiB0b3AKZGM6IHdzbzIKbzogd3NvMi5jb20KCmRuOiBvdT1V
c2VycyxkYz13c28yLGRjPWNvbQpvYmplY3RDbGFzczogb3JnYW5pemF0aW9uYWxVbml0Cm9iamVj
dENsYXNzOiB0b3AKb3U6IFVzZXJzCgpkbjogdWlkPWhuZWxzb24sb3U9VXNlcnMsZGM9d3NvMixk
Yz1jb20Kb2JqZWN0Q2xhc3M6IHRvcApvYmplY3RDbGFzczogcGVyc29uCm9iamVjdENsYXNzOiBp
bmV0T3JnUGVyc29uCm9iamVjdENsYXNzOiBrcmI1cHJpbmNpcGFsCm9iamVjdENsYXNzOiBrcmI1
a2RjZW50cnkKY246IEhvcmF0aW8gTmVsc29uCnNuOiBOZWxzb24KdWlkOiBobmVsc29uCnVzZXJQ
YXNzd29yZDogc2VjcmV0CmtyYjVQcmluY2lwYWxOYW1lOiBobmVsc29uQFdTTzIuQ09NCmtyYjVL
ZXlWZXJzaW9uTnVtYmVyOiAwCgpkbjogdWlkPWtyYnRndCxvdT1Vc2VycyxkYz13c28yLGRjPWNv
bQpvYmplY3RDbGFzczogdG9wCm9iamVjdENsYXNzOiBwZXJzb24Kb2JqZWN0Q2xhc3M6IGluZXRP
cmdQZXJzb24Kb2JqZWN0Q2xhc3M6IGtyYjVwcmluY2lwYWwKb2JqZWN0Q2xhc3M6IGtyYjVrZGNl
bnRyeQpjbjogS0RDIFNlcnZpY2UKc246IFNlcnZpY2UKdWlkOiBrcmJ0Z3QKdXNlclBhc3N3b3Jk
OiBzZWNyZXQKa3JiNVByaW5jaXBhbE5hbWU6IGtyYnRndC9XU08yLkNPTUBXU08yLkNPTQprcmI1
S2V5VmVyc2lvbk51bWJlcjogMAoKZG46IHVpZD1sZGFwLG91PVVzZXJzLGRjPXdzbzIsZGM9Y29t
Cm9iamVjdENsYXNzOiB0b3AKb2JqZWN0Q2xhc3M6IHBlcnNvbgpvYmplY3RDbGFzczogaW5ldE9y
Z1BlcnNvbgpvYmplY3RDbGFzczoga3JiNXByaW5jaXBhbApvYmplY3RDbGFzczoga3JiNWtkY2Vu
dHJ5CmNuOiBMREFQCnNuOiBTZXJ2aWNlCnVpZDogbGRhcAp1c2VyUGFzc3dvcmQ6IHJhbmRhbGwK
a3JiNVByaW5jaXBhbE5hbWU6IGxkYXAvbG9jYWxob3N0QFdTTzIuQ09NCmtyYjVLZXlWZXJzaW9u
TnVtYmVyOiAwCgo=
--001636e907d0f2f510047f103c11
Content-Type: application/octet-stream; name="krb5.conf"
Content-Disposition: attachment; filename="krb5.conf"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g5etv3v22

W2xpYmRlZmF1bHRzXQogICAgICAgIGRlZmF1bHRfcmVhbG0gPSBXU08yLkNPTQoKW3JlYWxtc10K
ICAgICAgICBXU08yLkNPTSA9IHsKICAgICAgICAgICAgICAgIGtkYyA9IGxvY2FsaG9zdDo2MDA4
OAogICAgICAgIH0KCltkb21haW5fcmVhbG1dCiAgICAgICAgLndzbzIuY29tID0gV1NPMi5DT00K
ICAgICAgICB3c28yLmNvbSA9IFdTTzIuQ09NCgpbbG9naW5dCiAgICAgICAga3JiNF9jb252ZXJ0
ID0gdHJ1ZQogICAgICAgIGtyYjRfZ2V0X3RpY2tldHMgPSBmYWxzZQoK
--001636e907d0f2f510047f103c11--