directory-users mailing list archives

From Sidda Eraiah <sidda.era...@kaazing.com>
Subject ApacheDS does not recognize RC4-HMAC encryption type
Date Thu, 07 Oct 2010 17:05:56 GMT
All,

I am resending this mail with the hope that some of you have a
solution for this.

I have Apache-DS (1.5.7) with Kerberos Domain Controller starting up
correctly and generating tickets using the default encryption type.

Due to a customer requirement, I have to use an encryption type of RC4-HMAC.
Based on what I could find, this needs me to add a <encryptionsType> property
to the kdcServer like this:

  <kdcServer id="kdcServer"  searchBaseDn="ou=Users,dc=example,dc=com">
    <transports>
      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
      <udpTransport port="60088" nbThreads="4" backLog="50"/>
    </transports>
    <directoryService>#directoryService</directoryService>
    <encryptionTypes>rc4-hmac</encryptionTypes>
  </kdcServer>

With this change to the server.xml, the server comes up fine. But trying to
get a ticket out of the KDC fails with the following error:

$~/share/apacheds_1.5.7$ kinit hnelson@EXAMPLE.COM
hnelson@EXAMPLE.COM's Password:
kinit: krb5_get_init_creds: KDC has no support for encryption type

I see a warning in the ApacheDS like this:

[14:12:49] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - KDC has no support for encryption type (14)

One of the ApacheDS developers suggested the following in the IRC channel:

  <spring:bean id="enc" class="java.util.HashSet">
    <spring:constructor-arg>
      <spring:list>
        <spring:value type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</spring:value>
      </spring:list>
    </spring:constructor-arg>
  </spring:bean>
  <kdcServer id="kdcServer">
    <transports>
      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
      <udpTransport port="60088" nbThreads="4" backLog="50"/>
    </transports>
    <directoryService>#directoryService</directoryService>
    <encryptionTypes>#enc</encryptionTypes>
  </kdcServer>

This also gives the same error.

Have any of you got the encryption type of RC4-HMAC to work with ApacheDS
KDC?

Your thoughts and suggestions on how to get this to work are really
appreciated.

Thanks in advance.


-- 
Best Regards,
Sidda

Director of Management Services
Kaazing Corporation <http://kaazing.com>
444 Castro St., Suite 1100, Mountain View, CA 94041
