You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Enrique Rodriguez (JIRA)" <ji...@apache.org> on 2007/12/20 02:38:43 UTC

[jira] Resolved: (DIRSERVER-1095) [kerberos client]Kerberos Client lacks support for different encrypt types.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Enrique Rodriguez resolved DIRSERVER-1095.
------------------------------------------

    Resolution: Fixed

Added support to kerberos-client for different encryption types (DIRSERVER-1095):
o  KdcControls object can now be used to customize desired encryption types.

Committed to kerberos-client module on revision 605783.

http://svn.apache.org/viewcvs.cgi?view=rev&rev=605783


> [kerberos client]Kerberos Client lacks support for different encrypt types.
> ---------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1095
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1095
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: Leo Li
>            Assignee: Enrique Rodriguez
>
> Hi, all
>       The "DES-CBC-MD5" is the only encrypt type supported by current kerberos client and it fails to get TGT from MIT KDC server  Krb5-1.5.4 since the KDC server does not support this encrypt type now.
>      
>   Below is the program:
>   String hostname = "wks107904wss.cn.ibm.com";
>   int port = 88;
>   KdcConnection con = new KdcConnection( hostname + ":" + port );
>   KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
> password );
>   But it fails with such stacktrace:
>   Exception in thread "main"
> org.apache.directory.client.kerberos.KdcConnectionException:
> BAD_ENCRYPTION_TYPE
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
> at org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
> at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
> at org.apache.directory.client.kerberos.Main.go(Main.java:62)
> at org.apache.directory.client.kerberos.Main.main(Main.java:55)
>  And on the kdc side, the server has such log:
>  Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
> AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:leo@EXAMPLE.COM
> for krbtgt/EXAMPLE.COM@EXAMPLE.COM, KDC has no support for encryption
> type
>       

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.