directory-users mailing list archives

From Oliver Schmidt <oliver.schmidt....@arcor.de>
Subject Problem using OpenSSH and GSSAPI: Missing argument
Date Mon, 06 Jun 2011 20:15:38 GMT
Hi,

I tried applying the steps in
https://cwiki.apache.org/DIRxINTEROP/kerberos-authentication-to-sshd.html to my ApacheDS and
OpenSSH setup. I faced problems with MIT's kinit and chose to use Heimdal. In order to successfully
kinit with Heimdal, I had to set <spring:property name="encryptionTypes"> to AES128_CTS_HMAC_SHA1_96
only.

In order to do the kinit test with the keytab file, I had to set the
property paEncTimestampRequired to false. Both settings reduce security
but at least the setup seemed to work.

When I try to use ssh with GSSAPI now, the following error appears:

[18:36:44] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Verifying body
checksum type 'HMAC_SHA1_96_AES128'.

[18:36:44] ERROR
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
- ERR_152 Unexpected exception: Missing argument
java.lang.IllegalArgumentException: Missing argument
	at javax.crypto.spec.SecretKeySpec.<init>(DashoA13*..)

SSH tries several times to get the TGT but all further requests are
denied with the message "Request is a replay".

Any idea? :-)

Kind regards
Oliver



