[
https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915565#comment-13915565
]
Kiran Ayyagari commented on DIRKRB-100:
---------------------------------------
[~eirbjo] Can you perform one more test? this time without RC4 in the requested
encryption types of the client.
1. create KdcConfic kc
2. call kc.getEncryptionTypes().remove( EncryptionType.RC4_HMAC );
3. instantiate KdcConnection with the kc
4. authenticate with the principal [email protected]
Please attach pcap files as well if this _fails_.
> Active Directory support for KdcConnection
> ------------------------------------------
>
> Key: DIRKRB-100
> URL: https://issues.apache.org/jira/browse/DIRKRB-100
> Project: Directory Kerberos
> Issue Type: Improvement
> Reporter: Eirik Bjorsnos
> Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying
> KRB5KRB_ERR_PREAUTH_REQUIRED (expected), then KRB5KRB_ERR_PREAUTH_FAILED (not
> expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I
> enabled "Do not use pre authentication" for the account being tested and
> verified via kinit on OS X that no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main"
> org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
> Request failed due to being malformed.
> at
> org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> at
> org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
