[
https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13912896#comment-13912896
]
Emmanuel Lecharny commented on DIRKRB-100:
------------------------------------------
It would be valuable to get the full PDU as hex. The message you get just tell
that there is a wrong value in some place where we expect to have a length,
which means either the client has sent some bad data, or that the server has a
bug in the decoder, or that the message being decoded is not the right one. But
without the PDU, we can't tell wha'ts wrong...
> Active Directory support for KdcConnection
> ------------------------------------------
>
> Key: DIRKRB-100
> URL: https://issues.apache.org/jira/browse/DIRKRB-100
> Project: Directory Kerberos
> Issue Type: Improvement
> Reporter: Eirik Bjorsnos
> Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying
> KRB5KRB_ERR_PREAUTH_REQUIRED (expected), then KRB5KRB_ERR_PREAUTH_FAILED (not
> expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I
> enabled "Do not use pre authentication" for the account being tested and
> verified via kinit on OS X that no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main"
> org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
> Request failed due to being malformed.
> at
> org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> at
> org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
