Hi,

We are using heimdal-1.5.2 with Open LDAP as the back end for storing the principals. We are able to add principals using add (of kadmin) and authenticate using kinit from the terminal. Please find the attached krb5.conf and source code.
Attachments: HeimdalLDAPEntry.java, krb5.conf
Using the attached Java client code, we are able to create the Heimdal Kerberos principals in Open LDAP. Even the Krb5Keys are generated. But when I run kinit (from the terminal), I get the error shown below. Kindly provide us any solution for the problem.

    sh-3.2# /usr/heimdal/bin/kinit [email protected]
    [email protected]'s Password: <= apple
    kinit: krb5_get_init_creds: KDC has no support for encryption type

The heimdal log during the kinit for the above principal (created using java code) is as follows:

    2012-03-30T18:01:58 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:01:58 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:01:58 Client ([email protected]) from IPv4:127.0.0.1 has no common enctypes with KDC to use for the session key
    2012-03-30T18:01:58 Client ([email protected]) from IPv4:127.0.0.1 has no common enctypes with KDC to use for the session key
    2012-03-30T18:01:58 sending 124 bytes to IPv4:127.0.0.1
    2012-03-30T18:01:58 sending 124 bytes to IPv4:127.0.0.1

The heimdal log during the kinit for the above principal (created using kadmin terminal) is as follows:

    2012-03-30T18:04:55 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:04:55 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:04:55 No preauth found, returning PREAUTH-REQUIRED -- [email protected]
    2012-03-30T18:04:55 No preauth found, returning PREAUTH-REQUIRED -- [email protected]
    2012-03-30T18:04:55 sending 255 bytes to IPv4:127.0.0.1
    2012-03-30T18:04:55 sending 255 bytes to IPv4:127.0.0.1
    2012-03-30T18:04:55 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:04:55 AS-REQ [email protected] from IPv4:127.0.0.1 for krbtgt/[email protected]
    2012-03-30T18:04:55 Client sent patypes: encrypted-timestamp
    2012-03-30T18:04:55 Client sent patypes: encrypted-timestamp
    2012-03-30T18:04:55 Looking for PKINIT pa-data -- [email protected]
    2012-03-30T18:04:55 Looking for PKINIT pa-data -- [email protected]
    2012-03-30T18:04:55 Looking for ENC-TS pa-data -- [email protected]
    2012-03-30T18:04:55 Looking for ENC-TS pa-data -- [email protected]
    2012-03-30T18:04:55 ENC-TS Pre-authentication succeeded -- [email protected] using aes256-cts-hmac-sha1-96
    2012-03-30T18:04:55 ENC-TS Pre-authentication succeeded -- [email protected] using aes256-cts-hmac-sha1-96
    2012-03-30T18:04:55 AS-REQ authtime: 2012-03-30T18:04:55 starttime: unset endtime: 2012-03-31T04:04:55 renew till: unset
    2012-03-30T18:04:55 AS-REQ authtime: 2012-03-30T18:04:55 starttime: unset endtime: 2012-03-31T04:04:55 renew till: unset
    2012-03-30T18:04:55 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5, des-cbc-md5, des-cbc-md4, des-cbc-crc, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
    2012-03-30T18:04:55 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5, des-cbc-md5, des-cbc-md4, des-cbc-crc, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
    2012-03-30T18:04:55 Requested flags: forwardable
    2012-03-30T18:04:55 Requested flags: forwardable
    2012-03-30T18:04:55 sending 628 bytes to IPv4:127.0.0.1
    2012-03-30T18:04:55 sending 628 bytes to IPv4:127.0.0.1

Environment Details:

    Operating System: Mac OS X - Snow Leopard.
    Kerberos: heimdal-1.5.2
    Back End for Kerberos: Open LDAP 2.4.30
    Apache DS API: apacheds-all-2.0.0-M6.jar

Info: The principal that has been created using Heimdal (add of kadmin) is able to get tickets with kinit; below are the details:

    sh-3.2# /usr/heimdal/bin/kinit [email protected]
    [email protected]'s Password:
    sh-3.2# /usr/heimdal/bin/klist -5Afv
    Credentials cache: API:0
    Principal: [email protected]
    Cache version: 0
    Server: krbtgt/[email protected]
    Client: [email protected]
    Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
    Ticket length: 313
    Auth time: Mar 30 18:04:55 2012
    End time: Mar 31 04:04:55 2012
    Ticket flags: pre-authent, initial, forwardable
    Addresses: addressless

Below are the contents of the Java console log when the principals were created using the attached code:

    Started the process
    Schema Process Done
    entryEntry
    dn: [email protected],ou=KerberosPrincipals,dc=example,dc=com
    objectClass: top
    objectClass: account
    objectClass: krb5Principal
    objectClass: krb5KDCEntry
    uid: sample
    krb5MaxRenew: 604800
    krb5KeyVersionNumber: 1
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x72 0xBF 0x9A 0xE2 ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0xF2 0xFB 0x13 0xD9 0x91 ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x5E 0xBE 0x7D 0xFA 0x07 ...'
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x46 0xAE 0xA1 0xD5 0x97 ...'
    krb5Key: '0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xCF 0x89 0xBB 0xC2 0xFC ...'
    krb5MaxLife: 86400
    krb5PrincipalName: [email protected]
    Entry has been created
    org.apache.directory.ldap.client.api.LdapNetworkConnection@75d709a5

Thanks,
Vamsi
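
To see what the Java-created entry actually stores, the krb5Key prefixes printed in the console log above can be decoded by hand. The following Python is an added example, not part of the original message or of the attached HeimdalLDAPEntry.java; it assumes the values are DER with short-form lengths, and the function names are made up for illustration.

```python
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "arcfour-hmac-md5"}  # RFC 3961/3962/4757 enctype numbers

# krb5Key prefixes copied from the console log in the post (truncated there).
POSTED_KEYS = [
    "0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x72 0xBF 0x9A 0xE2 ...",
    "0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0xF2 0xFB 0x13 0xD9 0x91 ...",
    "0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x5E 0xBE 0x7D 0xFA 0x07 ...",
    "0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0x46 0xAE 0xA1 0xD5 0x97 ...",
    "0x30 0x29 0xA0 0x03 0x02 0x01 0x12 0xA1 0x22 0x04 0x20 0xCF 0x89 0xBB 0xC2 0xFC ...",
]

def parse_hex(text):
    """'0x30 0x19 ... ...' -> bytes; the trailing ellipsis is skipped."""
    return bytes(int(t, 16) for t in text.split() if t.startswith("0x"))

def expect(buf, pos, want):
    """Read one DER tag + short-form length at pos; return (length, value_pos)."""
    if pos + 2 > len(buf):
        raise ValueError(f"value truncated at offset {pos}")
    tag, length = buf[pos], buf[pos + 1]
    if tag != want:
        raise ValueError(f"tag 0x{tag:02X} at offset {pos}, expected 0x{want:02X}")
    if length & 0x80:
        raise ValueError("long-form DER length, not expected for these key sizes")
    return length, pos + 2

def describe_key(text):
    """Decode the header of SEQUENCE { [0] INTEGER etype, [1] OCTET STRING key }."""
    buf = parse_hex(text)
    seq_len, pos = expect(buf, 0, 0x30)
    a0_len, pos = expect(buf, pos, 0xA0)
    int_len, pos = expect(buf, pos, 0x02)
    if pos + int_len > len(buf):
        raise ValueError("etype INTEGER truncated")
    etype = int.from_bytes(buf[pos:pos + int_len], "big", signed=True)
    a1_len, pos = expect(buf, pos + int_len, 0xA1)
    key_len, pos = expect(buf, pos, 0x04)
    return {"etype": etype, "name": ETYPES.get(etype, "unknown"),
            "key_len": key_len, "bytes_shown": len(buf) - pos,
            # declared lengths must nest exactly for a well-formed value
            "consistent": seq_len == 4 + a0_len + a1_len and a1_len == 2 + key_len}

if __name__ == "__main__":
    for k in POSTED_KEYS:
        print(describe_key(k))
```

Decoding the krb5Key of a principal created with kadmin the same way shows whether both writers store the key in the same ASN.1 layout; a different layout surfaces as a tag mismatch error.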
