You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by Reid Varner <r....@samsung.com> on 2014/04/21 22:05:23 UTC

[ApacheDS] [Studio] ApacheDS 2.0.0 and Kerberos Setup

Hello,


I am tasked with setting up an ApacheDS 2.0.0 LDAP + Kerberos (including KDC) server for use in our testing environment. I followed this guide<https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>, but am unable to successfully authenticate with my LDAP server using Kerberos as per the final step on that page.

I am using Apache Directory Studio 2.0.0.

When I have "Require Pre-Authentication By Encrypted TimeStamp" checked, I get the error:javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)

When I uncheck that field, restart the server, and try to connect using Kerberos, I get: javax.security.auth.login.LoginException: Checksum Failed

I am sure the username and password I am supplying is correct. What could be the problem? Has anyone successfully set up ApacheDS 2.0.0 with Kerberos?

Is there a guide I should be following somewhere?

It seems the folks over at ApacheDS have yet to document configuration<http://directory.apache.org/apacheds/kerberos-ug/2-kerberos-config.html> of their Kerberos server.



Any help would be much appreciated!



Thanks,

Reid

Re: [ApacheDS] [Studio] ApacheDS 2.0.0 and Kerberos Setup

Posted by Emmanuel Lécharny <el...@gmail.com>.

Le 4/21/14 10:05 PM, Reid Varner a écrit :
> Hello,
>
>
> I am tasked with setting up an ApacheDS 2.0.0 LDAP + Kerberos (including KDC) server for use in our testing environment. I followed this guide<https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>, but am unable to successfully authenticate with my LDAP server using Kerberos as per the final step on that page.
>
> I am using Apache Directory Studio 2.0.0.
>
> When I have "Require Pre-Authentication By Encrypted TimeStamp" checked, I get the error:javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)
>
> When I uncheck that field, restart the server, and try to connect using Kerberos, I get: javax.security.auth.login.LoginException: Checksum Failed
>
> I am sure the username and password I am supplying is correct. What could be the problem? Has anyone successfully set up ApacheDS 2.0.0 with Kerberos?
>
> Is there a guide I should be following somewhere?

be sure to follow the documentation very carefuly. All the elements are
case sensitive. Also check you host name, which should be what you have
in the SASL hostname too.

What is the encryption type you have selected ? WXhat is the Java
version you are using ? What is the OS you are running on ? And finally,
what is the exact version of ApacheDS and Studio you are using ?


I *know* that setting all this is a real pain in the ApacheDS, but it
should work...


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com