[
https://issues.apache.org/jira/browse/DIRKRB-659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007414#comment-17007414
]
Colm O hEigeartaigh edited comment on DIRKRB-659 at 1/3/20 11:16 AM:
---------------------------------------------------------------------
I've revised the patch so that it applies to the current trunk code. I also
added a test (@Ignored here:
https://github.com/apache/directory-kerby/commit/488aee1f181395ed0ccd0ae3d1f7f3c4be9af9b1)
- however it fails as the realm is null, in KdcHandler:
{code:java}
String realm = getRequestRealm(kdcReq);
if (realm == null || !kdcContext.getKdcRealm().equals(realm)) {
    LOG.error("Invalid realm from kdc request: " + realm);
    throw new KrbException(KrbErrorCode.WRONG_REALM,
        "Invalid realm from kdc request: " + realm);
}
{code}
I'm not really sure what the correct behavior is here, so I'm leaving this
issue until I get further guidance.
> Support authentication with NT-ENTERPRISE principal names
> ---------------------------------------------------------
>
> Key: DIRKRB-659
> URL: https://issues.apache.org/jira/browse/DIRKRB-659
> Project: Directory Kerberos
> Issue Type: New Feature
> Affects Versions: 1.0.1
> Reporter: Dmitry Bedrin
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Labels: patch, windows
> Attachments: DIRKRB-659-revised.patch,
> DIRKRB_659__Support_authentication_with_NT_ENTERPRISE_principal_names.patch
>
> Original Estimate: 24h
> Time Spent: 4h
> Remaining Estimate: 20h
>
> Apache Kerby currently doesn't support authentication using NT-ENTERPRISE
> principal names.
> See https://tools.ietf.org/html/rfc6806.html for details
> _KrbClientBase_ provides a method for requesting _TGT_ with arbitrary
> _KOptions_
> public TgtTicket requestTgt(KOptions requestOptions) throws KrbException
> However even if I set KrbOption.AS_ENTERPRISE_PN and use username like
> "[email protected]" Kerby Client will treat the dns.domain.name as a
> realm name despite the AS_ENTERPRISE_PN setting
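The difference the issue description turns on, as an added example that is not Kerby code and not part of the original message: with NT-ENTERPRISE (RFC 6806) the whole input, '@' included, is one name component, whereas an ordinary NT-PRINCIPAL name is split at the '@' into name and realm. The class, record and method names are hypothetical, the sample user and default realm are constructed, and the fallback to a configured default realm is an assumption of this sketch.

```java
import java.util.List;

// Added illustration; none of these names are Kerby's API.
public class EnterpriseNameDemo {
    // Name-type values: NT-PRINCIPAL from RFC 4120, NT-ENTERPRISE from RFC 6806.
    static final int NT_PRINCIPAL = 1;
    static final int NT_ENTERPRISE = 10;

    record ParsedName(int nameType, List<String> components, String realm) {}

    // defaultRealm is assumed to come from the client's configuration.
    static ParsedName parse(String input, boolean enterprise, String defaultRealm) {
        if (input == null || input.isEmpty()) {
            throw new IllegalArgumentException("empty principal name");
        }
        if (defaultRealm == null || defaultRealm.isEmpty()) {
            throw new IllegalArgumentException("no default realm configured");
        }
        if (enterprise) {
            // The text after '@' is part of the name, not a realm, so the
            // request realm has to come from configuration instead.
            return new ParsedName(NT_ENTERPRISE, List.of(input), defaultRealm);
        }
        // Ordinary principal: the text after the last '@' is the realm.
        int at = input.lastIndexOf('@');
        String name = at < 0 ? input : input.substring(0, at);
        String realm = at < 0 ? defaultRealm : input.substring(at + 1);
        if (name.isEmpty() || realm.isEmpty()) {
            throw new IllegalArgumentException("malformed principal: " + input);
        }
        return new ParsedName(NT_PRINCIPAL, List.of(name.split("/")), realm);
    }

    public static void main(String[] args) {
        String input = "user@dns.domain.name"; // constructed sample input
        String defaultRealm = "EXAMPLE.COM";   // constructed default realm

        // Behaviour the issue reports: the domain suffix is taken as the realm.
        System.out.println(parse(input, false, defaultRealm));
        // Enterprise handling: one component, realm taken from configuration.
        System.out.println(parse(input, true, defaultRealm));
    }
}
```

In this sketch the enterprise branch always returns a non-null realm, so a realm check of the kind quoted from KdcHandler would compare against the configured realm instead of failing on null.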