| Leo Li (JIRA) 2007-11-06, 1:11 am |
| [kerberos client]Kerberos Client lacks support for different encrypt types.
---------------------------------------------------------------------------
Key: DIRSERVER-1095
URL: https://issues.apache.org/jira/browse/DIRSERVER-1095
Project: Directory ApacheDS
Issue Type: Bug
Reporter: Leo Li
Hi, all
The "DES-CBC-MD5" is the only encrypt type supported by current kerberos client and it fails to get TGT from MIT KDC server Krb5-1.5.4 since the KDC server does not support this encrypt type now.
Below is the program:
String hostname = "wks107904wss.cn.ibm.com";
int port = 88;
KdcConnection con = new KdcConnection( hostname + ":" + port );
KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
password );
But it fails with such stacktrace:
Exception in thread "main"
org.apache.directory.client.kerberos.KdcConnectionException:
BAD_ENCRYPTION_TYPE
at org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
at org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
at org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
at org.apache.directory.client.kerberos.Main.go(Main.java:62)
at org.apache.directory.client.kerberos.Main.main(Main.java:55)
And on the kdc side, the server has such log:
Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:leo-eoiNrCBZWh+uvtTkCOosKA@public.gmane.org
for krbtgt/EXAMPLE.COM-eoiNrCBZWh+uvtTkCOosKA@public.gmane.org, KDC has no support for encryption
type
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|