You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Craig McLure (JIRA)" <ji...@apache.org> on 2015/04/14 21:40:59 UTC

[jira] [Created] (DIRSERVER-2059) Kerberos Password Change Server Failure

Craig McLure created DIRSERVER-2059:
---------------------------------------

             Summary: Kerberos Password Change Server Failure
                 Key: DIRSERVER-2059
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2059
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M19
         Environment: Linux
            Reporter: Craig McLure


I've been trying to get kpasswd to correctly change a users password, but it always failed, after doing some digging and debugging, I discovered the following:

*org.apache.directory.server.kerberos.ChangePasswordConfig*
Primary realm is never set, resulting in inheritance of default EXAMPLE.COM realm regardless of the realm configured. Adding:
{{this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );}}
into the constructor resolved this.

*org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService*
in {{extractPassword}} there's the following check:
{{if( authenticator.getSeqNumber() != privatePart.getSeqNumber() )}}
However, the Authenticator's Sequence Number is never set, resulting in this throwing a NullPointerException. Commenting out the check, admittedly unwise, allows the code to proceed normally.

With both these changes, password changing via kpasswd is possible again.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)