You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Enrique Rodriguez (JIRA)" <ji...@apache.org> on 2007/12/20 02:38:43 UTC
[jira] Resolved: (DIRSERVER-1095) [kerberos client]Kerberos Client
lacks support for different encrypt types.
[ https://issues.apache.org/jira/browse/DIRSERVER-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrique Rodriguez resolved DIRSERVER-1095.
------------------------------------------
Resolution: Fixed
Added support to kerberos-client for different encryption types (DIRSERVER-1095):
o KdcControls object can now be used to customize desired encryption types.
Committed to kerberos-client module on revision 605783.
http://svn.apache.org/viewcvs.cgi?view=rev&rev=605783
> [kerberos client]Kerberos Client lacks support for different encrypt types.
> ---------------------------------------------------------------------------
>
> Key: DIRSERVER-1095
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1095
> Project: Directory ApacheDS
> Issue Type: Bug
> Reporter: Leo Li
> Assignee: Enrique Rodriguez
>
> Hi, all
> The "DES-CBC-MD5" is the only encrypt type supported by current kerberos client and it fails to get TGT from MIT KDC server Krb5-1.5.4 since the KDC server does not support this encrypt type now.
>
> Below is the program:
> String hostname = "wks107904wss.cn.ibm.com";
> int port = 88;
> KdcConnection con = new KdcConnection( hostname + ":" + port );
> KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
> password );
> But it fails with such stacktrace:
> Exception in thread "main"
> org.apache.directory.client.kerberos.KdcConnectionException:
> BAD_ENCRYPTION_TYPE
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
> at org.apache.directory.client.kerberos.Main.go(Main.java:62)
> at org.apache.directory.client.kerberos.Main.main(Main.java:55)
> And on the kdc side, the server has such log:
> Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
> AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:leo@EXAMPLE.COM
> for krbtgt/EXAMPLE.COM@EXAMPLE.COM, KDC has no support for encryption
> type
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.