directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hebron <>
Subject GSSAPI authentication using Java client
Date Fri, 11 Mar 2011 10:44:03 GMT

I'm experimenting with GSSAPI authentication against ApacheDS 1.5.7. 
Following various guides I have it working such that I am successfully 
issued a TGT using kinit (on Debian) - changes mainly involved enabling 
crypto protocols in server.xml. However, when I try to authenticate with 
a java client I get always get this error:

Kerberos username [rob]: hnelson@EXAMPLE.COM
Kerberos password for hnelson@EXAMPLE.COM:
default etypes for default_tkt_enctypes: 16.
default etypes for default_tkt_enctypes: 16.
 >>> KrbAsReq calling createMessage
 >>> KrbAsReq in createMessage
 >>> KrbKdcReq send: kdc=<kdc address> UDP:60088, timeout=30000, number 
of retries =3, #bytes=134
 >>> KDCCommunication: kdc=<kdc address> UDP:60088, 
timeout=30000,Attempt =1, #bytes=134
 >>> KrbKdcReq send: #bytes read=536
 >>> KrbKdcReq send: #bytes read=536
 >>> KdcAccessibility: remove <kdc address>:60088
 >>> EType:
Authentication failed:
   Checksum failed

.. with no error logged on the server. I'm guessing that a checksum 
verification has failed. This error is also logged when I try to 
authenticate to ApacheDS server in Apache Directory Studio. I'm able to 
log on to a production MIT KDC using the same java code with no problem.

A search hasn't turned up much - any ideas of what I could try?



View raw message