directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <m...@stefan-seelmann.de>
Subject Re: Kerberos Login fails through Apache Directory Studio
Date Mon, 20 Jun 2016 06:50:22 GMT
Hi Siva,

please let us know the exact versions you are using:

* Studio version
* ApacheDS version
* Java version

The message "Integrity check on decrypted field failed (31)" may also
mean that the password doesn't match. Please make sure that the password
you set for the "hnelson" user is in *plaintext*. You can set a new
password by browing to the
uid=hnelson,ou=users,dc=security,dc=example,dc=com user, edit the
userPassword, and important to use "Plaintext" as hash method. Once
changed the entry probably shows the a "SSHA hash password", that is
because by default the server hashes the password on the server side
after the KRB5 key was derived.

I tested the tutorial twice:

* With current Studio/ApacheDS development version, everything worked
fine with Java 7. But when using Java 8 it hang when opening the
connections, I have to investigate.

* With ApacheDS 2.0.0-M21, there I saw that the keyDerivationInterceptor
was not enabled and thus no krb5key was generated.

I'll continue testing later.

Kind Regards,
Stefan

PS: Please don't cross-post to all mailing lists, I only kept users@ and
kerby@.


On 06/20/2016 07:04 AM, siva venkat wrote:
> Hi,
> 
> Did you get a chance to go through my issue ?.  Can you please help me to
> setup Kerberos in my Windows 7 machine
> 
> Thanks,
> Siva
> 
> On Wed, Jun 15, 2016 at 8:41 PM, siva venkat <sivarank@gmail.com> wrote:
> 
>> Hi,
>>
>> I am using latest ApacheDS 2.0.0-M21
>> <http://directory.apache.org/apacheds/downloads.html> , for Kerberose
>> login, I followed all steps mentioned in
>> http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
>> .
>>
>> I am getting error"*javax.security.auth.login.LoginException: Integrity
>> check on decrypted field failed (31)*" when "Require Pre-Authentication
>> By Encrypted TimeStamp" checked.
>> I am getting error "*javax.security.auth.login.LoginException: Checksum
>> Failed*" when "Require Pre-Authentication By Encrypted TimeStamp" is
>> unchecked.
>>
>>
>> ‚Äč
>> *Can you please tell how to fix this issue* ?
>>
>> Seems many other folks facing this issue, see this link
>> http://stackoverflow.com/questions/23140518/apacheds-and-kerberos-setup.
>>
>> Thanks,
>> Siva
>>
> 


Mime
View raw message