[ApacheDS] Getting ApacheDS KDC to recognize rc4-hmac encryption type

Thu, 30 Sep 2010 15:38:35 -0700 

All,

I have Apache-DS (1.5.7) with  Kerberos Domain Controller starting up
correctly and generating tickets using the default encryption type.

Due to a customer requirement, I have to use encryption type of RC4-HMAC.
Based on what I could find this needs me to add a <encryptionsType> property
to the kdcServer like this:

  <kdcServer id="kdcServer"  searchBaseDn="ou=Users,dc=example,dc=com">
    <transports>
      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
      <udpTransport port="60088" nbThreads="4" backLog="50"/>
    </transports>
    <directoryService>#directoryService</directoryService>
    <encryptionTypes>rc4-hmac</encryptionTypes>
  </kdcServer>

with this change to the server.xml the server comes up fine. But trying to
get a ticket out of KDC fails with the following error:

$~/share/apacheds_1.5.7$ kinit [email protected]
[email protected]'s Password:
kinit: krb5_get_init_creds: KDC has no support for encryption type

I see a warning in the ApacheDS like this:

[14:12:49] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
KDC has no support for encryption type (14)

One of the ApacheDS developer suggested the following in the IRC channel:

<spring:bean id="enc" class="java.util.HashSet">
   <spring:constructor-arg>
    <spring:list>
      <spring:value
type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</spring:value>
    </spring:list>
   </spring:constructor-arg>
  </spring:bean>
  <kdcServer id="kdcServer">
    <transports>
      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
      <udpTransport port="60088" nbThreads="4" backLog="50"/>
    </transports>
    <directoryService>#directoryService</directoryService>
    <encryptionTypes>#enc</encryptionTypes>
  </kdcServer>

This also gives the same error.

Have any of you got the encryption type of RC4-HMAC to work with ApacheDS
KDC?

Your thoughts and suggestions on how to get this to work is really
appreciated.

Thanks in advance.

-- 
Best Regards,
Sidda

Director of Management Services
>|< Kaazing Corporation >|<
888, Villa St. Suite #410, Mountain View, CA 94041, USA

Reply via email to