directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-100) Active Directory support for KdcConnection
Date Fri, 28 Feb 2014 08:37:19 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915565#comment-13915565
] 

Kiran Ayyagari commented on DIRKRB-100:
---------------------------------------

[~eirbjo] Can you perform one more test? this time without RC4 in the requested encryption
types of the client.
1. create KdcConfic kc
2. call kc.getEncryptionTypes().remove( EncryptionType.RC4_HMAC );
3. instantiate KdcConnection with the kc
4. authenticate with the principal olanor@KANTEGA.LAN

Please attach pcap files as well if this _fails_.

> Active Directory support for KdcConnection
> ------------------------------------------
>
>                 Key: DIRKRB-100
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-100
>             Project: Directory Kerberos
>          Issue Type: Improvement
>            Reporter: Eirik Bjorsnos
>            Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying KRB5KRB_ERR_PREAUTH_REQUIRED
(expected), then KRB5KRB_ERR_PREAUTH_FAILED (not expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I enabled "Do
not use pre authentication" for the account being tested and verified via kinit on OS X that
no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main" org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to being malformed.
> 	at org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> 	at org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message