Subject: Re: Kerberos Can't Find Users
From: Alex Karasulu
To: users@directory.apache.org
Date: Thu, 22 Apr 2010 08:42:02 +0300

On Thu, Apr 22, 2010 at 3:08 AM, Andrew Wiley wrote:

> On Wed, Apr 21, 2010 at 4:32 PM, Stefan Seelmann wrote:
> >
> > Please check the Kerberos configuration example [1]. You need to make
> > the same settings when you configure the KDC programmatically (I myself
> > never tried this but want to do so at the weekend).
> >
> > Did you add the KeyDerivationInterceptor to the interceptor chain before
> > adding your entry?
> >
>
> That was the issue, it seems. For some reason, adding a
> KeyDerivationInterceptor to service.getInterceptors() doesn't work, but
> adding one to service.getInterceptorChain() works.
>

This is because when you get the interceptor list from the service you're
getting a cloned copy where your changes are not reflected in the actual
list maintained by the service. The chain however is mutable.

This reflects some shortcomings in this API and should be fixed so users do
not have this problem again.

> However, how should I be setting passwords in my program? When I create
> users, I've been trying to just do this:
> entry.add("userPassword", password);
> But this results in a NPE when the KeyDerivationInterceptor tries to read
> the password from the new entry.
> If I add an entry manually through the Directory Studio, I now get this
> error from kinit:
> kinit: KDC has no support for padata type while getting initial credentials
> and this from ADS:
> 358279 [NioDatagramAcceptor-3] WARN org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler - KDC has no support for padata type (16)
>
> and... what does that mean? I'll be looking around for it, but I've never
> seen the term padata before, and I've read a good bit on Kerberos.
>

You have a stack trace?

> Thanks,
> Andrew Wiley
>

--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu
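
Added example (not part of the original message and not ApacheDS code): a small Java model of the behaviour described in the reply, where a getter that returns a cloned list silently drops additions, next to a read-only view that makes the same mistake fail immediately. `CopyingService`, `ReadOnlyViewService`, `Interceptor`, `addInterceptor` and `isActive` are hypothetical stand-ins, and the code assumes Java 16 or later.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Stand-in types for illustration only; these are NOT the ApacheDS classes.
public class InterceptorListDemo {
    record Interceptor(String name) {}

    /** Models a service whose getter hands out a defensive copy. */
    static class CopyingService {
        private final List<Interceptor> live = new ArrayList<>();

        // Caller gets a clone: add() on it succeeds but never reaches 'live'.
        List<Interceptor> getInterceptors() { return new ArrayList<>(live); }

        // Explicit mutator (hypothetical): the only way to change the pipeline.
        void addInterceptor(Interceptor i) { live.add(i); }

        // Check to run before creating principals: is the stage really installed?
        boolean isActive(String name) {
            return live.stream().anyMatch(i -> i.name().equals(name));
        }
    }

    /** Same service, but the getter is a read-only view so misuse fails loudly. */
    static class ReadOnlyViewService extends CopyingService {
        @Override
        List<Interceptor> getInterceptors() {
            return Collections.unmodifiableList(super.getInterceptors());
        }
    }

    public static void main(String[] args) {
        Interceptor keyDerivation = new Interceptor("keyDerivation");
        CopyingService svc = new CopyingService();

        svc.getInterceptors().add(keyDerivation);   // lost: mutates the clone only
        System.out.println("after add on copy:    " + svc.isActive("keyDerivation"));

        svc.addInterceptor(keyDerivation);          // reaches the live list
        System.out.println("after addInterceptor: " + svc.isActive("keyDerivation"));

        try {
            new ReadOnlyViewService().getInterceptors().add(keyDerivation);
        } catch (UnsupportedOperationException e) {
            System.out.println("read-only getter rejected the mistaken add");
        }
    }
}
```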