directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wiley <debio...@gmail.com>
Subject Re: Kerberos Can't Find Users
Date Thu, 22 Apr 2010 00:08:41 GMT
On Wed, Apr 21, 2010 at 4:32 PM, Stefan Seelmann <seelmann@apache.org>wrote:
>
> Please check the Kerberos configuration example [1]. You need to make
> the same settings when you configure the KDC programatically (I myself
> never tried this but want to do so at the weekend).
>
> Did you add the KeyDerivationInterceptor to the interceptor chain before
> adding your entry?
>

That was the issue, it seems. For some reason, adding a
KeyDerivationInterceptor to service.getInterceptors() doesn't work, but
adding one to service.getInterceptorChain() works.

However, how should I be setting passwords in my program? When I create
users, I've been trying to just do this:
entry.add("userPassword", password);
But this results in a NPE when the KeyDerivationInterceptor tries to read
the password from the new entry.
If I add an entry manually though the Directory Studio, I now get this error
from kinit:
kinit: KDC has no support for padata type while getting initial credentials
and this from ADS:
358279 [NioDatagramAcceptor-3] WARN
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler  - KDC
has no support for padata type (16)

and... what does that mean? I'll be looking around for it, but I've never
seen the term padata before, and I've read a good bit on Kerberos.

Thanks,
Andrew Wiley

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message