directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Frain <ivan.fr...@gmail.com>
Subject apacheds 1.5.7 kdc server problem on Mac OS X
Date Thu, 30 Aug 2012 08:31:48 GMT
Hi all,

I am having trouble with the configuration of apcheDS kdcServer
configuration.
I am using apacheDS 1.5.7 from tar.gz archive and running on Mac OS X.
My java version "1.7.0_05" 64 bits

I have successfully started the server and kdcServer is up and running.
I have configured the partition and set up one user. The krb5key was
generated since I enable the keyDerivation interceptor.

The problem comes when I use kinit:

$ kinit ifrain@HADOOP.LAN
ifrain@HADOOP.LAN's Password:
kinit: krb5_get_init_creds: KDC has no support for encryption type


Any help would be much appreciated.

Thanks in advance

Ivan


I switched on DEBUG LOG LEVEL for kdc server and here is the log:

[10:24:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.198.1:59026 CREATED:  datagram
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.198.1:59026 OPENED
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.198.1:59026 RCVD:
 org.apache.directory.server.kerberos.shared.messages.KdcRequest@2a48a09f
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
messageType:           AS_REQ
protocolVersionNumber: 5
clientAddress:         192.168.198.1
nonce:                 850330990
kdcOptions:            FORWARDABLE
clientPrincipal:       ifrain@HADOOP.LAN
serverPrincipal:       krbtgt/HADOOP.LAN@HADOOP.LAN
encryptionType:        aes256-cts-hmac-sha1-96 (18), rc4-hmac (23),
aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16)
realm:                 HADOOP.LAN
from time:             null
till time:             20120830182417Z
renew-till time:       null
hostAddresses:         null
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type null.
[10:24:29] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
KDC has no support for encryption type (14)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
KDC has no support for encryption type
at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.selectEncryptionType(AuthenticationService.java:141)
at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:103)
at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
explanatory text:      KDC has no support for encryption type
error code:            14
clientPrincipal:       null
client time:           null
serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
server time:           20120830082429Z
[10:24:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.198.1:59026 SENT:
 org.apache.directory.server.kerberos.shared.messages.ErrorMessage@4fa7b2bf
[10:25:29] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.198.1:59026 CLOSED



-- 
Ivan Frain
11, route de Grenade
31530 Saint-Paul-sur-Save
mobile: +33 (0)6 52 52 47 07

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message