directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-100) Active Directory support for KdcConnection
Date Wed, 26 Feb 2014 11:33:19 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13912787#comment-13912787
] 

Kiran Ayyagari commented on DIRKRB-100:
---------------------------------------

Just to add, I knew that getting tickets and changing passwords successfully done using KdcConnection
with Heimdal KDC besides ApacheDS, so not sure if Active Directory is expecting any special
flag etc.., to honor the requests using KdcConnection. 

> Active Directory support for KdcConnection
> ------------------------------------------
>
>                 Key: DIRKRB-100
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-100
>             Project: Directory Kerberos
>          Issue Type: Improvement
>            Reporter: Eirik Bjorsnos
>            Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying KRB5KRB_ERR_PREAUTH_REQUIRED
(expected), then KRB5KRB_ERR_PREAUTH_FAILED (not expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I enabled "Do
not use pre authentication" for the account being tested and verified via kinit on OS X that
no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main" org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to being malformed.
> 	at org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> 	at org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message