When I saw this email I thought to myself - what a great how to this would be for the Kerberos documentation on our site. Hadoop is setup nicely to work with Kerberos and thanks to the efforts of the team here we have something pure java that we can use with Hadoop for security.

On Thu, Apr 11, 2013 at 1:48 AM, Wu, James C. <James.C.Wu@disney.com> wrote:

Thanks a lot for your help. I also have verified that apacheds works with Hadoop too with trust relationship setup between an Apacheds Kerberos service and an MIT Kerberos service.



-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Sent: Wednesday, April 10, 2013 3:36 PM
To: Apache Directory Developers List
Subject: Re: kinit failed on - Integrity check on decrypted field failed

Le 4/10/13 8:10 PM, Wu, James C. a écrit :
> Hi,
> I re-installed the apacheds 2.0.0 M11 and wiped out all the existing stuff and used all default settings. The kinit does work.
> So I guess my problem is the config error because in my actual config, I use a different realm, not the EXAMPLE.COM.
> I am going to play compare the configs to find out what mistake I make when changing the realm. I will update in this thread.

Cool !!!

I'm happy that you get it working. Kerberos is not very ind, and understanding why it's not working can be a real nightmare. Sadly, due to the very nature of the exhcanged data, which are encoded most of the time, plus the fact that it's not safe to provide too much information when the authent fails, it's difficult to know what can be wrong in the conf.

FYI, we have build a new version which should contain some bug fix : you can get ApacheDS 2.0.0-RC1 here http://people.apache.org/~elecharny/

FYI, this release will not be public, as we detected some more issues that need to be fixed, but still, it can be worthfull to try it.

Thanks for your patience !

Emmanuel Lécharny

Best Regards,
-- Alex