You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Reid Varner <r....@samsung.com> on 2014/05/07 20:30:14 UTC

ApacheDS and Kerberos Setup

Hello,



I am tasked with setting up an ApacheDS 2.0.0 LDAP + Kerberos (including KDC) server for use in our testing environment. I followed this guide<https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>, but am unable to successfully authenticate with my LDAP server using Kerberos as per the final step on that page.

I am using the latest Apache Directory Studio (2.0.0.v20130628).

When I have "Require Pre-Authentication By Encrypted TimeStamp" checked and I click "Check Authentication", I get the error:javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)

When I uncheck that field, restart the server, and click "Check Authentication" again, I get: javax.security.auth.login.LoginException: Checksum Failed



I am sure the username and password I am supplying is correct. What could be the problem? Has anyone successfully set up ApacheDS 2.0.0 with Kerberos? Is there a guide I should be following somewhere?

It seems the folks over at ApacheDS have yet to document configuration<http://directory.apache.org/apacheds/kerberos-ug/2-kerberos-config.html> of their Kerberos server.

Fyi, my configuration is exactly as per the guide<https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>.

Many thanks,

Reid

Re: ApacheDS and Kerberos Setup

Posted by Kiran Ayyagari <ka...@apache.org>.

On Thu, May 8, 2014 at 12:00 AM, Reid Varner <r....@samsung.com> wrote:

> Hello,
>
>
>
> I am tasked with setting up an ApacheDS 2.0.0 LDAP + Kerberos (including
> KDC) server for use in our testing environment. I followed this guide<
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>,
> but am unable to successfully authenticate with my LDAP server using
> Kerberos as per the final step on that page.
>
> I am using the latest Apache Directory Studio (2.0.0.v20130628).
>
> When I have "Require Pre-Authentication By Encrypted TimeStamp" checked
> and I click "Check Authentication", I get the
> error:javax.security.auth.login.LoginException: Integrity check on
> decrypted field failed (31)
>
> When I uncheck that field, restart the server, and click "Check
> Authentication" again, I get: javax.security.auth.login.LoginException:
> Checksum Failed
>
>
>
> I am sure the username and password I am supplying is correct. What could
> be the problem? Has anyone successfully set up ApacheDS 2.0.0 with
> Kerberos? Is there a guide I should be following somewhere?
>
> It seems the folks over at ApacheDS have yet to document configuration<
> http://directory.apache.org/apacheds/kerberos-ug/2-kerberos-config.html>
> of their Kerberos server.
>
> Fyi, my configuration is exactly as per the guide<
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
> >.
>
> this configuration is correct and I confirm that this works as expected
with version 2.0.0-M16.

Can you replace your server's log4j.properties with this
http://pastebin.com/Hqzt96Aw
and send us the log (you cannot attach to the mail, so use any pastebin
site and provide us the link)

otoh, your mail was delivered to us today due to an issue with ASF's mail
server.

> Many thanks,
>
> Reid
>



-- 
Kiran Ayyagari
http://keydap.com