directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-100) Active Directory support for KdcConnection
Date Wed, 26 Feb 2014 13:43:21 GMT


Emmanuel Lecharny commented on DIRKRB-100:

It would be valuable to get the full PDU as hex. The message you get just tell that there
is a wrong value in some place where we expect to have a length, which means either the client
has sent some bad data, or that the server has a bug in the decoder, or that the message being
decoded is not the right one. But without the PDU, we can't tell wha'ts wrong...

> Active Directory support for KdcConnection
> ------------------------------------------
>                 Key: DIRKRB-100
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: Improvement
>            Reporter: Eirik Bjorsnos
>            Assignee: Emmanuel Lecharny
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying KRB5KRB_ERR_PREAUTH_REQUIRED
(expected), then KRB5KRB_ERR_PREAUTH_FAILED (not expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I enabled "Do
not use pre authentication" for the account being tested and verified via kinit on OS X that
no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main"
Request failed due to being malformed.
> 	at
> 	at
> 	at
> 	at

This message was sent by Atlassian JIRA

View raw message