directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig McLure (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-2059) Kerberos Password Change Server Failure
Date Tue, 14 Apr 2015 19:40:59 GMT
Craig McLure created DIRSERVER-2059:

             Summary: Kerberos Password Change Server Failure
                 Key: DIRSERVER-2059
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M19
         Environment: Linux
            Reporter: Craig McLure

I've been trying to get kpasswd to correctly change a users password, but it always failed,
after doing some digging and debugging, I discovered the following:

Primary realm is never set, resulting in inheritance of default EXAMPLE.COM realm regardless
of the realm configured. Adding:
{{this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );}}
into the constructor resolved this.

in {{extractPassword}} there's the following check:
{{if( authenticator.getSeqNumber() != privatePart.getSeqNumber() )}}
However, the Authenticator's Sequence Number is never set, resulting in this throwing a NullPointerException.
Commenting out the check, admittedly unwise, allows the code to proceed normally.

With both these changes, password changing via kpasswd is possible again.

This message was sent by Atlassian JIRA

View raw message