You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Craig McLure (JIRA)" <ji...@apache.org> on 2015/04/14 21:40:59 UTC
[jira] [Created] (DIRSERVER-2059) Kerberos Password Change Server
Failure
Craig McLure created DIRSERVER-2059:
---------------------------------------
Summary: Kerberos Password Change Server Failure
Key: DIRSERVER-2059
URL: https://issues.apache.org/jira/browse/DIRSERVER-2059
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 2.0.0-M19
Environment: Linux
Reporter: Craig McLure
I've been trying to get kpasswd to correctly change a users password, but it always failed, after doing some digging and debugging, I discovered the following:
*org.apache.directory.server.kerberos.ChangePasswordConfig*
Primary realm is never set, resulting in inheritance of default EXAMPLE.COM realm regardless of the realm configured. Adding:
{{this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );}}
into the constructor resolved this.
*org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService*
in {{extractPassword}} there's the following check:
{{if( authenticator.getSeqNumber() != privatePart.getSeqNumber() )}}
However, the Authenticator's Sequence Number is never set, resulting in this throwing a NullPointerException. Commenting out the check, admittedly unwise, allows the code to proceed normally.
With both these changes, password changing via kpasswd is possible again.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)