Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Date: Thu, 11 Apr 2013 00:07:16 +0000 (UTC)
From: "Frank Ren (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: <JIRA.12641949.1365638590044.146585.1365638836793@arcas>
In-Reply-To: <JIRA.12641949.1365638590044@arcas>
References: <JIRA.12641949.1365638590044@arcas>
Subject: [jira] [Commented] (DIRKRB-90) heimdal "Bad response" "during
 sendauth exchange"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


    [ https://issues.apache.org/jira/browse/DIRKRB-90?page=3Dcom.atlassian.=
jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D13628=
474#comment-13628474 ]=20

Frank Ren commented on DIRKRB-90:
---------------------------------

Important chapters are missing from the guide, Kerberos User Guide =E2=80=
=94 Apache Directory:

http://directory.apache.org/apacheds/kerberos-user-guide.html

2 - Kerberos Configuration
3 - Kerberos administration

I did setup my kerberos as described in 4.2 - Authenticate with Studio =E2=
=80=94 Apache Directory

http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.ht=
ml
               =20
> heimdal "Bad response" "during sendauth exchange"
> -------------------------------------------------
>
>                 Key: DIRKRB-90
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-90
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M11
>         Environment: Ubuntu 10.04, 64bit
>            Reporter: Frank Ren
>            Assignee: Emmanuel Lecharny
>
> I was trying to setup nfs with kerberos. Got a Bad response. I'll paste t=
he (1) command lines, and (2) server log.
> It seems that kadmin ignored the failure of the first authenticate.
> Can someone help?
> ----
> (1) command lines
> root@dreadnought:/etc# kinit wang2/admin
> wang2/admin@ROMEO-FOXTROT.COM's Password:=20
> root@dreadnought:/etc# klist -v
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: wang2/admin@ROMEO-FOXTROT.COM
>     Cache version: 4
> Server: krbtgt/ROMEO-FOXTROT.COM@ROMEO-FOXTROT.COM
> Client: wang2/admin@ROMEO-FOXTROT.COM
> Ticket etype: aes128-cts-hmac-sha1-96
> Ticket length: 261
> Auth time:  Apr 11 07:47:47 2013
> End time:   Apr 11 17:47:47 2013
> Ticket flags: forwardable, proxiable, initial, pre-authenticated
> Addresses: addressless
> root@dreadnought:/etc# kadmin
> kadmin> ext_keytab -k /etc/krb5.keytab nfs/dreadnought.romeo-foxtrot.com@=
ROMEO-FOXTROT.COM
> wang2/admin@ROMEO-FOXTROT.COM's Password:=20
> kadmin: ext nfs/dreadnought.romeo-foxtrot.com@ROMEO-FOXTROT.COM: Bad resp=
onse (during sendauth exchange)
> ----
> (2) server log
> [07:47:47] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestam=
p found
> [07:47:47] WARN [org.apache.directory.server.kerberos.protocol.KerberosPr=
otocolHandler] - Additional pre-authentication required (25)
> [07:47:47] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional p=
re-authentication required (25)
> [07:48:30] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestam=
p found
> [07:48:30] WARN [org.apache.directory.server.kerberos.protocol.KerberosPr=
otocolHandler] - Additional pre-authentication required (25)
> [07:48:30] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional p=
re-authentication required (25)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrato=
rs
For more information on JIRA, see: http://www.atlassian.com/software/jira