You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by siva venkat <si...@gmail.com> on 2016/06/20 05:04:02 UTC
Re: Kerberos Login fails through Apache Directory Studio
Hi,
Did you get a chance to go through my issue ?. Can you please help me to
setup Kerberos in my Windows 7 machine
Thanks,
Siva
On Wed, Jun 15, 2016 at 8:41 PM, siva venkat <si...@gmail.com> wrote:
> Hi,
>
> I am using latest ApacheDS 2.0.0-M21
> <http://directory.apache.org/apacheds/downloads.html> , for Kerberose
> login, I followed all steps mentioned in
> http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
> .
>
> I am getting error"*javax.security.auth.login.LoginException: Integrity
> check on decrypted field failed (31)*" when "Require Pre-Authentication
> By Encrypted TimeStamp" checked.
> I am getting error "*javax.security.auth.login.LoginException: Checksum
> Failed*" when "Require Pre-Authentication By Encrypted TimeStamp" is
> unchecked.
>
>
>
> *Can you please tell how to fix this issue* ?
>
> Seems many other folks facing this issue, see this link
> http://stackoverflow.com/questions/23140518/apacheds-and-kerberos-setup.
>
> Thanks,
> Siva
>
Re: Kerberos Login fails through Apache Directory Studio
Posted by David Tildesley <da...@yahoo.co.nz.INVALID>.
Are both the client and server in this test set to an accurate NTP time source? If the respective clocks drift apart by more than a couple of minutes then the integrity check will fail.
On Monday, 20 June 2016 6:19 PM, siva venkat <si...@gmail.com> wrote:
Hi,
Did you get a chance to go through my issue ?. Can you please help me to setup Kerberos in my Windows 7 machine
Thanks,
Siva
On Wed, Jun 15, 2016 at 8:41 PM, siva venkat <si...@gmail.com> wrote:
Hi,
I am using latest ApacheDS 2.0.0-M21 , for Kerberose login, I followed all steps mentioned in http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html .
I am getting error"javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)" when "Require Pre-Authentication By Encrypted TimeStamp" checked.
I am getting error "javax.security.auth.login.LoginException: Checksum Failed" when "Require Pre-Authentication By Encrypted TimeStamp" is unchecked.
Can you please tell how to fix this issue ?
Seems many other folks facing this issue, see this link http://stackoverflow.com/questions/23140518/apacheds-and-kerberos-setup.
Thanks,
Siva
Re: Kerberos Login fails through Apache Directory Studio
Posted by David Tildesley <da...@yahoo.co.nz>.
Are both the client and server in this test set to an accurate NTP time source? If the respective clocks drift apart by more than a couple of minutes then the integrity check will fail.
On Monday, 20 June 2016 6:19 PM, siva venkat <si...@gmail.com> wrote:
Hi,
Did you get a chance to go through my issue ?. Can you please help me to setup Kerberos in my Windows 7 machine
Thanks,
Siva
On Wed, Jun 15, 2016 at 8:41 PM, siva venkat <si...@gmail.com> wrote:
Hi,
I am using latest ApacheDS 2.0.0-M21 , for Kerberose login, I followed all steps mentioned in http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html .
I am getting error"javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)" when "Require Pre-Authentication By Encrypted TimeStamp" checked.
I am getting error "javax.security.auth.login.LoginException: Checksum Failed" when "Require Pre-Authentication By Encrypted TimeStamp" is unchecked.
Can you please tell how to fix this issue ?
Seems many other folks facing this issue, see this link http://stackoverflow.com/questions/23140518/apacheds-and-kerberos-setup.
Thanks,
Siva
Re: Kerberos Login fails through Apache Directory Studio
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Hi Siva,
please let us know the exact versions you are using:
* Studio version
* ApacheDS version
* Java version
The message "Integrity check on decrypted field failed (31)" may also
mean that the password doesn't match. Please make sure that the password
you set for the "hnelson" user is in *plaintext*. You can set a new
password by browing to the
uid=hnelson,ou=users,dc=security,dc=example,dc=com user, edit the
userPassword, and important to use "Plaintext" as hash method. Once
changed the entry probably shows the a "SSHA hash password", that is
because by default the server hashes the password on the server side
after the KRB5 key was derived.
I tested the tutorial twice:
* With current Studio/ApacheDS development version, everything worked
fine with Java 7. But when using Java 8 it hang when opening the
connections, I have to investigate.
* With ApacheDS 2.0.0-M21, there I saw that the keyDerivationInterceptor
was not enabled and thus no krb5key was generated.
I'll continue testing later.
Kind Regards,
Stefan
PS: Please don't cross-post to all mailing lists, I only kept users@ and
kerby@.
On 06/20/2016 07:04 AM, siva venkat wrote:
> Hi,
>
> Did you get a chance to go through my issue ?. Can you please help me to
> setup Kerberos in my Windows 7 machine
>
> Thanks,
> Siva
>
> On Wed, Jun 15, 2016 at 8:41 PM, siva venkat <si...@gmail.com> wrote:
>
>> Hi,
>>
>> I am using latest ApacheDS 2.0.0-M21
>> <http://directory.apache.org/apacheds/downloads.html> , for Kerberose
>> login, I followed all steps mentioned in
>> http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
>> .
>>
>> I am getting error"*javax.security.auth.login.LoginException: Integrity
>> check on decrypted field failed (31)*" when "Require Pre-Authentication
>> By Encrypted TimeStamp" checked.
>> I am getting error "*javax.security.auth.login.LoginException: Checksum
>> Failed*" when "Require Pre-Authentication By Encrypted TimeStamp" is
>> unchecked.
>>
>>
>> \u200b
>> *Can you please tell how to fix this issue* ?
>>
>> Seems many other folks facing this issue, see this link
>> http://stackoverflow.com/questions/23140518/apacheds-and-kerberos-setup.
>>
>> Thanks,
>> Siva
>>
>