Le 4/6/13 2:23 AM, Wu, James C. a écrit : > Hi, Hi, > > I am trying to set up ApacheDS as a KDC. After adding hnelson using the > following ldif, I could not get kinit to get the ticket > > dn: uid=hnelson,ou=users,dc=example,dc=com > objectclass: top > objectclass: person > objectclass: inetOrgPerson > objectclass: krb5Principal > objectclass: krb5KDCEntry > cn: Horatio Nelson > sn: Nelson > uid: hnelson > userpassword: secret > krb5PrincipalName: [email protected] > > > The log output of ApacheDS show the following output: > > [cloud-user@n7-z01-0a2a0c3a ~]$ [17:15:57] ERROR > [org.apache.directory.server.KERBEROS_LOG] - No timestamp found > [17:15:57] WARN > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - > Additional pre-authentication required (25) > [17:15:57] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional > pre-authentication required (25) > [17:16:00] WARN > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - > Integrity check on decrypted field failed (31) > [17:16:00] WARN [org.apache.directory.server.KERBEROS_LOG] - Integrity > check on decrypted field failed (31) > > Could someone give me some hint?
First, can you give us the version you are using ? Can you also provide the krb5.conf file you are using ? Its very likely that the encryptionType you are using on the client is not correctly recognized by the server. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
