On 10/25/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
> Hi, Leo,
>
> This looks like an MIT Kerberos configuration issue. The MIT KDC is
> responding that it is not configured to use encryption type 3
> (DES-CBC-MD5). The client is simply reporting the error returned by
> the KDC. I recommend reviewing MIT Kerberos server documentation.
> Alternatively, you can use the "long form" of the ApacheDS Kerberos
> client component to try to use an enc type that is supported by
> default by MIT Kerberos KDC.
>
Hi, Enrique,
Thank you for your help.
But after I look at the kdc.conf, it has
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
EXAMPLE.COM = {
#master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
des-cbc-crc:v4 des-cbc-crc:afs3
}
So from the configuration, des-cbd-md5 seems to have been acknowledged.
> Enrique
>
>
> On 10/23/07, Leo Li <[EMAIL PROTECTED]> wrote:
> > Hi, all
> >
> > I am trying to connect to KDC to get a TGT by:
> > String hostname = "wks107904wss.cn.ibm.com";
> > int port = 88;
> > KdcConnection con = new KdcConnection( hostname + ":" + port );
> > KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
> > password );
> >
> > But it fails with such stacktrace:
> > Exception in thread "main"
> > org.apache.directory.client.kerberos.KdcConnectionException:
> > BAD_ENCRYPTION_TYPE
> > at
> > org.apache.directory.client.kerberos.GetTicketGrantingTicket.processError(GetTicketGrantingTicket.java:167)
> > at
> > org.apache.directory.client.kerberos.GetTicketGrantingTicket.execute(GetTicketGrantingTicket.java:153)
> > at
> > org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:118)
> > at
> > org.apache.directory.client.kerberos.KdcConnection.getTicketGrantingTicket(KdcConnection.java:101)
> > at org.apache.directory.client.kerberos.Main.go(Main.java:62)
> > at org.apache.directory.client.kerberos.Main.main(Main.java:55)
> >
> >
> > And on the kdc side, the server has such log:
> > Oct 23 16:12:28 wks107904wss.cn.ibm.com krb5kdc[2304](info) :
> > AS_REQ(1 etypes{3}) 9.181.106.61:BAD_ENCRYPTION_TYPE:[EMAIL PROTECTED]
> > for krbtgt/[EMAIL PROTECTED], KDC has no support for encryption
> > type
> >
> > The KDC is provided by redhat enterprise 5 with default setup
> > configuration.
> >
> > And if I try the same program in the machine where KDC resides and
> > run it with "localhost" as host parameter, it will get null TGT and
> > from the KDC log there seems no further log as if no Kerberos Request
> > had been sent to KDC.
> >
> > Can somebody help?
> >
> > Thanks,
> >
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
--
Leo Li
China Software Development Lab, IBM
