directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig McLure (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-2059) Kerberos Password Change Server Failure
Date Tue, 14 Apr 2015 19:40:59 GMT
Craig McLure created DIRSERVER-2059:
---------------------------------------

             Summary: Kerberos Password Change Server Failure
                 Key: DIRSERVER-2059
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2059
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M19
         Environment: Linux
            Reporter: Craig McLure


I've been trying to get kpasswd to correctly change a users password, but it always failed,
after doing some digging and debugging, I discovered the following:

*org.apache.directory.server.kerberos.ChangePasswordConfig*
Primary realm is never set, resulting in inheritance of default EXAMPLE.COM realm regardless
of the realm configured. Adding:
{{this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );}}
into the constructor resolved this.

*org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService*
in {{extractPassword}} there's the following check:
{{if( authenticator.getSeqNumber() != privatePart.getSeqNumber() )}}
However, the Authenticator's Sequence Number is never set, resulting in this throwing a NullPointerException.
Commenting out the check, admittedly unwise, allows the code to proceed normally.

With both these changes, password changing via kpasswd is possible again.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message