directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eirik Bjorsnos (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-100) Active Directory support for KdcConnection
Date Fri, 28 Feb 2014 10:07:24 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915622#comment-13915622
] 

Eirik Bjorsnos commented on DIRKRB-100:
---------------------------------------

Enabling  des-cbc-md5 only, it seems I'm able to get a ticket!

However, I get an exception trying to change the user's password with changePassword:

{code}
Exception in thread "main" org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to a hard error in processing the request.
	at org.apache.directory.kerberos.client.KdcConnection.changePassword(KdcConnection.java:618)
	at no.kantega.demos.webjars.KerbPasswordTest.main(KerbPasswordTest.java:60)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: java.lang.NullPointerException
	at org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler.decrypt(CipherTextHandler.java:118)
	at org.apache.directory.kerberos.client.KdcConnection.changePassword(KdcConnection.java:604)
... 6 more
{code}

The NPE is caused by ChiperTextHandler.decrypt being handed a null EncryptionKey from KdcConnection.changePassword

encApRepPart.getSubkey() return null.



> Active Directory support for KdcConnection
> ------------------------------------------
>
>                 Key: DIRKRB-100
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-100
>             Project: Directory Kerberos
>          Issue Type: Improvement
>            Reporter: Eirik Bjorsnos
>            Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying KRB5KRB_ERR_PREAUTH_REQUIRED
(expected), then KRB5KRB_ERR_PREAUTH_FAILED (not expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I enabled "Do
not use pre authentication" for the account being tested and verified via kinit on OS X that
no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main" org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to being malformed.
> 	at org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> 	at org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> 	at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message