On Thu, Oct 7, 2010 at 11:19 PM, Emmanuel Lecharny <[email protected]> wrote:
> On 10/7/10 7:05 PM, Sidda Eraiah wrote:
>>
>> All,
>>
>> I am resending this mail with the hope that some of you have a
>> solution for this.
>>
>> I have Apache-DS (1.5.7) with Kerberos Domain Controller starting up
>> correctly and generating tickets using the default encryption type.
>>
>> Due to a customer requirement, I have to use encryption type of RC4-HMAC.
>> Based on what I could find this needs me to add a <encryptionTypes>
>> property to the kdcServer like this:
>>
>> <kdcServer id="kdcServer" searchBaseDn="ou=Users,dc=example,dc=com">
>> <transports>
>> <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>> <udpTransport port="60088" nbThreads="4" backLog="50"/>
>> </transports>
>> <directoryService>#directoryService</directoryService>
>> <encryptionTypes>rc4-hmac</encryptionTypes>
>> </kdcServer>
>>
>> with this change to the server.xml the server comes up fine. But trying to
>> get a ticket out of KDC fails with the following error:
>>
>> $~/share/apacheds_1.5.7$ kinit
>> [email protected]@EXAMPLE.COM's Password:
>> kinit: krb5_get_init_creds: KDC has no support for encryption type
>>
>> I see a warning in the ApacheDS like this:
>>
>> [14:12:49] WARN
>> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
>> KDC has no support for encryption type (14)
>>
>> One of the ApacheDS developers suggested the following in the IRC channel:
>>
>> <spring:bean id="enc" class="java.util.HashSet">
>> <spring:constructor-arg>
>> <spring:list>
>> <spring:value
>> type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</spring:value>
>> </spring:list>
>> </spring:constructor-arg>
>> </spring:bean>
>> <kdcServer id="kdcServer">
>> <transports>
>> <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>> <udpTransport port="60088" nbThreads="4" backLog="50"/>
>> </transports>
>> <directoryService>#directoryService</directoryService>
>> <encryptionTypes>#enc</encryptionTypes>
>> </kdcServer>
>>
>> This also gives the same error.
>
> What about :
>
> <kdcServer id="kdcServer">
> <transports>
> <tcpTransport port="60088" nbThreads="4" backLog="50"/>
> <udpTransport port="60088" nbThreads="4" backLog="50"/>
> </transports>
> <directoryService>#directoryService</directoryService>
> <property name="encryptionTypes">
> <set>
> <value
> type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</value>
> </set>
> </property>
> <encryptionTypes>#enc</encryptionTypes>
> </kdcServer>
>
>
> ?
Great Emmanuel, this works. A small fix, though: it has to be like
<spring:property name="encryptionTypes">
<spring:set>
<spring:value
type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</spring:value>
</spring:set>
</spring:property>
Note that "<encryptionTypes>#enc</encryptionTypes>" is not required.
Kiran Ayyagari
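
The following is an added example, not part of the thread and not ApacheDS code: a small checker that reports how each kdcServer in a server.xml declares its encryption types, separating the bare <encryptionTypes> element (the form that produced the KDC error above) from the typed spring:property set (the form reported to work). The sample document, its namespace URIs and the names audit_kdc_etypes and local are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real server.xml; the namespace URIs are placeholders.
SAMPLE = """\
<spring:beans xmlns="urn:example:apacheds-config"
              xmlns:spring="urn:example:spring">
  <kdcServer id="kdcBare">
    <encryptionTypes>rc4-hmac</encryptionTypes>
  </kdcServer>
  <kdcServer id="kdcTyped">
    <spring:property name="encryptionTypes">
      <spring:set>
        <spring:value type="org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType">RC4_HMAC</spring:value>
      </spring:set>
    </spring:property>
  </kdcServer>
  <kdcServer id="kdcDefault"/>
</spring:beans>
"""

ENUM = "org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType"

def local(tag):
    # ElementTree writes namespaced tags as '{uri}name'; keep only 'name'.
    return tag.rsplit("}", 1)[-1]

def audit_kdc_etypes(xml_text):
    """Return {kdcServer id: (form, [values])} for every kdcServer element."""
    report = {}
    for kdc in ET.fromstring(xml_text).iter():
        if local(kdc.tag) != "kdcServer":
            continue
        form, values = "default", []  # no etype setting: server defaults apply
        for child in kdc:
            name = local(child.tag)
            if name == "encryptionTypes":
                # Bare element: both variants in the thread hit the KDC error.
                form, values = "bare-element", [(child.text or "").strip()]
            elif name == "property" and child.get("name") == "encryptionTypes":
                typed = [v for v in child.iter() if local(v.tag) == "value"]
                values = [(v.text or "").strip() for v in typed]
                ok = bool(typed) and all(v.get("type") == ENUM for v in typed)
                form = "typed-set" if ok else "untyped-set"
                break  # the property form takes precedence in this report
        report[kdc.get("id")] = (form, values)
    return report

if __name__ == "__main__":
    print(audit_kdc_etypes(SAMPLE))
```
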