directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eirik Bjorsnos (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRKRB-100) Active Directory support for KdcConnection
Date Wed, 26 Feb 2014 11:26:19 GMT
Eirik Bjorsnos created DIRKRB-100:
-------------------------------------

             Summary: Active Directory support for KdcConnection
                 Key: DIRKRB-100
                 URL: https://issues.apache.org/jira/browse/DIRKRB-100
             Project: Directory Kerberos
          Issue Type: Improvement
            Reporter: Eirik Bjorsnos
            Assignee: Emmanuel Lecharny


I'm testing KdcConnection.getTgt() with Microsoft Active Directory.

My first test failed with AD responding with first saying KRB5KRB_ERR_PREAUTH_REQUIRED (expected),
then KRB5KRB_ERR_PREAUTH_FAILED (not expected).

Since PREAUTH_FAILED is what you'll also get if your password is wrong, I enabled "Do not
use pre authentication" for the account being tested and verified via kinit on OS X that no
pre authentication was sent there.

When testing getTgt with no preauth, I now get the following exception:

Exception in thread "main" org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to being malformed.
	at org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
	at org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message