directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: Set up ApacheDS Kerberos Service
Date Sun, 26 Sep 2010 08:59:28 GMT
Hi Tom,

sorry for the late answer.

Did you configure the primaryRealm and servicePrincipal properties of
the changePasswordServer? The syntax of the server.xml is described in
an XML schema [2], a human-readable form is provided at [1].

HTH,
Stefan

[1] http://repo1.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.7/apacheds-xbean-spring-1.5.7-schema.html
[2] http://repo1.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.7/apacheds-xbean-spring-1.5.7.xsd


On Thu, Sep 23, 2010 at 11:32 PM, Tom Taylor <exilkoelner@hotmail.com> wrote:
>
> Hello,
> i'm trying to set up ApachDS Server with Kerberos and Kpasswd service. I reproduced the
documented "EXAMPLE.COM" realm and everything worked fine. But when I change the realm to
another, kinit works fine. But when I try to use kpasswd, I get the error: The ticket isn't
for us
> I'm using ApacheDS 1.5.7
> [23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- /10.200.100.138:49348 CREATED:  datagram[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- /10.200.100.138:49348 OPENED[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- /10.200.100.138:49348 RCVD:  org.apache.directory.server.changepw.messages.ChangePasswordRequest@987197[23:30:27]
DEBUG [org.apache.directory.server.changepw.service.ChangePasswordService] - Responding to
change password request:        versionNumber    1[23:30:27] WARN [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- The ticket isn't for usorg.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us        at org.apache.directory.server.changepw.service.ChangePasswordService.verifyServiceTicket(ChangePasswordService.java:192)  
     at org.apache.directory.server.changepw.service.ChangePasswordService.execute(ChangePasswordService.java:85)  
     at org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler.messageReceived(ChangePasswordProtocolHandler.java:139)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)  
     at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)  
     at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)  
     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)  
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)  
     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)  
     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)  
     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)  
     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)  
     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)  
     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)      
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)        at java.lang.Thread.run(Unknown
Source)[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- /10.200.100.138:49348 SENT:  org.apache.directory.server.changepw.messages.ChangePasswordError@497904[23:31:21]
DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /10.200.100.138:49344
CLOSED[23:31:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler]
- /10.200.100.138:49348 CLOSED[23:31:27] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
- /10.200.100.138:49347 CLOSED
>
> Has anybody an idea what's going wrong there?
> Best regards,
> Tom
>
>

Mime
View raw message