[ https://issues.apache.org/jira/browse/DIRKRB-659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007414#comment-17007414 ]
Colm O hEigeartaigh commented on DIRKRB-659: -------------------------------------------- I've revised the patch so that it applies to the current trunk code. I also added a test - however it fails as the realm is null, in KdcHandler: {code:java} String realm = getRequestRealm(kdcReq); if (realm == null || !kdcContext.getKdcRealm().equals(realm)) { LOG.error("Invalid realm from kdc request: " + realm); throw new KrbException(KrbErrorCode.WRONG_REALM, "Invalid realm from kdc request: " + realm); } {code} I'm not really sure what the correct behavior is here, so I'm leaving this issue until I get further guidance. > Support authentication with NT-ENTERPRISE principal names > --------------------------------------------------------- > > Key: DIRKRB-659 > URL: https://issues.apache.org/jira/browse/DIRKRB-659 > Project: Directory Kerberos > Issue Type: New Feature > Affects Versions: 1.0.1 > Reporter: Dmitry Bedrin > Assignee: Colm O hEigeartaigh > Priority: Major > Labels: patch, windows > Attachments: DIRKRB-659-revised.patch, > DIRKRB_659__Support_authentication_with_NT_ENTERPRISE_principal_names.patch > > Original Estimate: 24h > Time Spent: 4h > Remaining Estimate: 20h > > Apache Kerby currently doesn't support authentication using NT-ENTERPRISE > principal names. > See https://tools.ietf.org/html/rfc6806.html for details > _KrbClientBase_ provides a method for requesting _TGT_ with arbitrary > _KOptions_ > public TgtTicket requestTgt(KOptions requestOptions) throws KrbException > However even if I set KrbOption.AS_ENTERPRISE_PN and use username like > "usern...@dns.domain.name" Kerby Client will treat the dns.domain.name as a > realm name despite the AS_ENTERPRISE_PN setting -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org