directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <akaras...@gmail.com>
Subject Re: Kerberos Can't Find Users
Date Thu, 22 Apr 2010 05:42:02 GMT
On Thu, Apr 22, 2010 at 3:08 AM, Andrew Wiley <debio264@gmail.com> wrote:

> On Wed, Apr 21, 2010 at 4:32 PM, Stefan Seelmann <seelmann@apache.org
> >wrote:
> >
> > Please check the Kerberos configuration example [1]. You need to make
> > the same settings when you configure the KDC programatically (I myself
> > never tried this but want to do so at the weekend).
> >
> > Did you add the KeyDerivationInterceptor to the interceptor chain before
> > adding your entry?
> >
>
> That was the issue, it seems. For some reason, adding a
> KeyDerivationInterceptor to service.getInterceptors() doesn't work, but
> adding one to service.getInterceptorChain() works.
>

This is because when you get the interceptor list from the service you're
getting a cloned copy where your changes are not reflected in the actual
list maintained by the service. The chain however is mutable.  This reflects
some shortcomings in this API and should be fixed so users do not have this
problem again.


> However, how should I be setting passwords in my program? When I create
> users, I've been trying to just do this:
> entry.add("userPassword", password);
> But this results in a NPE when the KeyDerivationInterceptor tries to read
> the password from the new entry.
> If I add an entry manually though the Directory Studio, I now get this
> error
> from kinit:
> kinit: KDC has no support for padata type while getting initial credentials
> and this from ADS:
> 358279 [NioDatagramAcceptor-3] WARN
> org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler  -
> KDC
> has no support for padata type (16)
>
> and... what does that mean? I'll be looking around for it, but I've never
> seen the term padata before, and I've read a good bit on Kerberos.
>
>
You have a stack trace?



> Thanks,
> Andrew Wiley
>



-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message