directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eirik Bjørsnøs <eir...@gmail.com>
Subject Re: KdcConnection with Active Directory
Date Wed, 26 Feb 2014 11:26:40 GMT
Ok, maybe I can help in testing then.

I've filed:

https://issues.apache.org/jira/browse/DIRKRB-100

I disabled pre-auth for the account just to rule out any chance that
my principal / password was actually wrong. Now I get a
ChangePasswordException: Request failed due to being malformed.

Eirik.

On Wed, Feb 26, 2014 at 11:38 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>
>
>
> On Wed, Feb 26, 2014 at 4:04 PM, Eirik Bjørsnøs <eirbjo@gmail.com> wrote:
>>
>> Hi,
>>
>> I'm trying out KdcConnection using Microsoft Active Directory as KDC.
>>
>> On getTgt, I first get KRB5KRB_ERR_PREAUTH_REQUIRED. KdcConnection
>> retries with a PaEncTsEnc added to the request.
>>
>> The response to this second request is KDC_ERR_PREAUTH_FAILED.
>>
>> Any idea why that would happen?
>>
> no, do you have any logs from AD? you can raise a JIRA here
> https://issues.apache.org/jira/browse/DIRKRB
> and attach the logs and any other details.
> I have never tested this client against AD (due to lack of access)
>>
>> My understanding is that pre authentication involves encrypting a hash
>> of the current timestamp.
>>
>> Any reason this could fail when talking to AD?
>>
>> Thanks,
>> Eirik.
>
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com

Mime
View raw message