directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: Kerberos issue - reg
Date Fri, 06 Mar 2015 23:08:39 GMT
Did you run kinit on Linux with MIT Kerberos client package installed ? Or you’re running
any Java provided kinit command ?

The issue might be related to the issue,
http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7067974

This is possible because ApacheDS currently relies on JRE in the encryption support. Similar
issues like this had been complained quite much if you’d like google about it. Unfortunately
no plain solution is clear to me. One stupid way to work around this would suggest you disable
preauth if ApacheDS server allows that via configuration.

By the way, we will check compatibility between Kerby with MIT Kerberos/MS AD and keep such
issue in mind. With such aspects resolved we would enhance ApacheDS by leveraging Kerby library
if the server still desire to embed a KDC server. But this won’t happen so soon so it may
not help for you at this time.

Regards,
Kai

From: kumar r [mailto:rajkumar9880@gmail.com]
Sent: Friday, March 06, 2015 7:02 PM
To: dev@directory.apache.org; users@directory.apache.org
Subject: Kerberos issue - reg

Hi,
   I have installed ApacheDS 2.0.0-M19, i could successfully create users, groups  using ldap.
When i enable kerberos, it couldn't authenticate from apache studio or kinit command. When
trying to get ticket using kinit command, i am getting "Integrity check on decrypted field
failed" exception. When i use invalid principal, it shows "client not found". It seems that
 it could contact KDC server in apacheds but it might be encryption problem. Checked these
in windows 8 OS. Referred many links but unable to find the solution. Found two jira task
link related to this problem
https://issues.apache.org/jira/browse/DIRSERVER-1821
https://issues.apache.org/jira/browse/DIRSTUDIO-992
  I have created krbtgt and ldap service referred in https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html.
  Can you please tell me how to solve this problem?
Thanks,
R.Kumar
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message