Thanks a lot for your help. I also have verified that apacheds works with Hadoop too with trust relationship setup between an Apacheds Kerberos service and an MIT Kerberos service.
From: Emmanuel Lécharny [mailto:firstname.lastname@example.org]
Sent: Wednesday, April 10, 2013 3:36 PM
To: Apache Directory Developers List
Subject: Re: kinit failed on - Integrity check on decrypted field failed
Le 4/10/13 8:10 PM, Wu, James C. a écrit :
> I re-installed the apacheds 2.0.0 M11 and wiped out all the existing stuff and used all default settings. The kinit does work.
> So I guess my problem is the config error because in my actual config, I use a different realm, not the EXAMPLE.COM.
> I am going to play compare the configs to find out what mistake I make when changing the realm. I will update in this thread.
I'm happy that you get it working. Kerberos is not very ind, and understanding why it's not working can be a real nightmare. Sadly, due to the very nature of the exhcanged data, which are encoded most of the time, plus the fact that it's not safe to provide too much information when the authent fails, it's difficult to know what can be wrong in the conf.
FYI, we have build a new version which should contain some bug fix : you can get ApacheDS 2.0.0-RC1 here http://people.apache.org/~elecharny/
FYI, this release will not be public, as we detected some more issues that need to be fixed, but still, it can be worthfull to try it.
Thanks for your patience !