[
https://issues.apache.org/jira/browse/DIRSERVER-1821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James C. Wu closed DIRSERVER-1821.
----------------------------------
Resolution: Won't Fix
> kinit failed on - Integrity check on decrypted field failed
> -----------------------------------------------------------
>
> Key: DIRSERVER-1821
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1821
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core, ldap
> Affects Versions: 2.0.0-M11
> Environment: JVM 7 on both OpenJDK and Oracle
> Reporter: James C. Wu
>
> Kinit failed when trying to get kerberos ticket. The server side logs shows
> integrity check on decrypted field fields. The following is the complete log
> output in debug level.
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.components.PaData] -
> PreAuthenticationData encoding : 0x30 0x1F 0x30 0x09 0xA1 0x03 0x02 0x01 0x02
> 0xA2 0x02 0x04 0x00 0x30 0x12 0xA1 0x03 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09
> 0x30 0x07 0x30 0x05 0xA0 0x03 0x02 0x01 0x12
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.components.PaData] -
> PreAuthenticationData initial value : PreAuthenticationData :
> padata-type: Encryption info.(19)
> padata-value:0x30 0x07 0x30 0x05 0xA0 0x03 0x02 0x01 0x12
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.components.MethodData]
> - METHOD-DATA encoding : 0x30 0x1F
> 0x30 0x09 0xA1 0x03 0x02 0x01 0x02 0xA2 0x02 0x04 0x00 0x30 0x12 0xA1 0x03
> 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09 0x30 0x07 0x30 0x05 0xA0 0x03 0x02 0x01
> 0x12
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.components.MethodData]
> - METHOD-DATA initial value : METHOD-DATA : PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> , PreAuthenticationData :
> padata-type: Encryption info.(19)
> padata-value:0x30 0x07 0x30 0x05 0xA0 0x03 0x02 0x01 0x12
> [10:44:15] WARN
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Additional pre-authentication required (25)
> [10:44:15] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional
> pre-authentication required (25)
> [10:44:15] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Responding to request
> with error:
> explanatory text: Additional pre-authentication required
> error code: Additional pre-authentication required
> clientPrincipal: null@null
> client time: null
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }@EXAMPLE.COM
> server time: 20130408174415Z
> [10:44:15] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Responding to
> request with error:
> explanatory text: Additional pre-authentication required
> error code: Additional pre-authentication required
> clientPrincipal: null@null
> client time: null
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }@EXAMPLE.COM
> server time: 20130408174415Z
> [10:44:15] DEBUG
> [org.apache.directory.shared.kerberos.components.PrincipalName] -
> PrinipalName encoding : 0x7E 0x81 0xA8 0x30 0x81 0xA5 0xA0 0x03 0x02 0x01
> 0x05 0xA1 0x03 0x02 0x01 0x1E 0xA4 0x11 0x18 0x0F 0x32 0x30 0x31 0x33 0x30
> 0x34 0x30 0x38 0x31 0x37 0x34 0x34 0x31 0x35 0x5A 0xA5 0x03 0x02 0x01 0x00
> 0xA6 0x03 0x02 0x01 0x19 0xA9 0x0C 0x1B 0x0A 0x44 0x49 0x53 0x4E 0x45 0x59
> 0x2E 0x43 0x4F 0x4D 0xAA 0x1F 0x30 0x1D 0xA0 0x03 0x02 0x01 0x02 0xA1
> 0x16 0x30 0x14 0x1B 0x06 0x6B 0x72 0x62 0x74 0x67 0x74 0x1B 0x0A 0x44 0x49
> 0x53 0x4E 0x45 0x59 0x2E 0x43 0x4F 0x4D 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> [10:44:15] DEBUG
> [org.apache.directory.shared.kerberos.components.PrincipalName] -
> PrinipalName initial value : { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.messages.KrbError] -
> KrbError encoding : 0x7E 0x81 0xA8 0x30 0x81 0xA5 0xA0 0x03 0x02 0x01 0x05
> 0xA1 0x03 0x02 0x01 0x1E 0xA4 0x11 0x18 0x0F 0x32 0x30 0x31 0x33 0x30 0x34
> 0x30 0x38 0x31 0x37 0x34 0x34 0x31 0x35 0x5A 0xA5 0x03 0x02 0x01 0x00 0xA6
> 0x03 0x02 0x01 0x19 0xA9 0x0C 0x1B 0x0A 0x44 0x49 0x53 0x4E 0x45 0x59 0x2E
> 0x43 0x4F 0x4D 0xAA 0x1F 0x30 0x1D 0xA0 0x03 0x02 0x01 0x02 0xA1 0x16 0x30
> 0x14 0x1B 0x06 0x6B 0x72 0x62 0x74 0x67 0x74 0x1B 0x0A 0x44 0x49 0x53 0x4E
> 0x45 0x59 0x2E 0x43 0x4F 0x4D 0xAB 0x28 0x1B 0x26 0x41 0x64 0x64 0x69 0x74
> 0x69 0x6F 0x6E 0x61 0x6C 0x20 0x70 0x72 0x65 0x2D 0x61 0x75 0x74 0x68 0x65
> 0x6E 0x74 0x69 0x63 0x61 0x74 0x69 0x6F 0x6E 0x20 0x72 0x65 0x71 0x75 0x69
> 0x72 0x65 0x64 0xAC 0x23 0x04 0x21 0x30
> 0x1F 0x30 0x09 0xA1 0x03 0x02 0x01 0x02 0xA2 0x02 0x04 0x00 0x30 0x12 0xA1
> 0x03 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09 0x30 0x07 0x30 0x05 0xA0 0x03 0x02
> 0x01 0x12
> [10:44:15] DEBUG [org.apache.directory.shared.kerberos.messages.KrbError] -
> KrbError initial value :
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174415Z
> susec: 0
> errorCode: Additional pre-authentication required
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Additional pre-authentication required
> eData: 0x30 0x1F 0x30 0x09 0xA1 0x03 0x02 0x01 0x02 0xA2 0x02 0x04 0x00
> 0x30 0x12 0xA1 0x03 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09 0x30 0x07 0x30 0x05
> 0xA0 0x03 0x02 0x01 0x12
> }
> [10:44:15] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> /10.42.12.54:55923 SENT:
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174415Z
> susec: 0
> errorCode: Additional pre-authentication required
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Additional pre-authentication required
> eData: 0x30 0x1F 0x30 0x09 0xA1 0x03 0x02 0x01 0x02 0xA2 0x02 0x04 0x00
> 0x30 0x12 0xA1 0x03 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09 0x30 0x07 0x30 0x05
> 0xA0 0x03 0x02 0x01 0x12
> }
> [10:44:15] DEBUG [org.apache.directory.server.KERBEROS_LOG] -
> /10.42.12.54:55923 SENT:
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174415Z
> susec: 0
> errorCode: Additional pre-authentication required
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Additional pre-authentication required
> eData: 0x30 0x1F 0x30 0x09 0xA1 0x03 0x02 0x01 0x02 0xA2 0x02 0x04 0x00
> 0x30 0x12 0xA1 0x03 0x02 0x01 0x13 0xA2 0x0B 0x04 0x09 0x30 0x07 0x30 0x05
> 0xA0 0x03 0x02 0x01 0x12
> }
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> /10.42.12.54:41991 CREATED: datagram
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] -
> /10.42.12.54:41991 CREATED: datagram
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> /10.42.12.54:41991 OPENED
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] -
> /10.42.12.54:41991 OPENED
> [10:44:17] DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] -
> Processing a MESSAGE_RECEIVED for session 9
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.actions.AbstractReadPvno] - pvno
> : 5
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.padata.actions.PaDataInit] -
> PaData created
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.padata.actions.StoreDataType] -
> padata-type : 2
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReq.actions.AddPaData] - Added
> PA-DATA: PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38 0xA1
> 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A 0x36
> 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68 0x25
> 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64 0xA2
> 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.padata.actions.PaDataInit] -
> PaData created
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.padata.actions.StoreDataType] -
> padata-type : 149
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReq.actions.AddPaData] - Added
> PA-DATA: PreAuthenticationData :
> padata-type: null(0)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.KdcReqBodyInit]
> - KdcReqBody created
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.StoreKdcOptions]
> - KDCOptions : FORWARDABLE RENEWABLE
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.PrincipalNameInit]
> - PrincipalName created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 1
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.StoreNameType]
> - name-type : {}Just the name of the principal as in DCE, or for users(1)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.StoreNameString]
> - PrincipalName String : hnelson
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.actions.AbstractReadPrincipalName]
> - PrincipalName : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.actions.AbstractReadRealm] - read
> realm value : EXAMPLE.COM
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.PrincipalNameInit]
> - PrincipalName created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 2
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.StoreNameType]
> - name-type : {}Service and other unique instance (krbtgt)(2)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.StoreNameString]
> - PrincipalName String : krbtgt
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.principalName.actions.StoreNameString]
> - PrincipalName String : EXAMPLE.COM
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.actions.AbstractReadPrincipalName]
> - PrincipalName : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.StoreFrom] -
> From : 20130408174415Z
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.StoreTill] -
> Till : 20130409174415Z
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.actions.AbstractReadKerberosTime]
> - decoded kerberos time is : 20130415174415Z
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 1801102745
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddEType] -
> EncryptionType : aes256-cts-hmac-sha1-96 (18)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddEType] -
> EncryptionType : aes128-cts-hmac-sha1-96 (17)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddEType] -
> EncryptionType : des3-cbc-sha1-kd (16)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddEType] -
> EncryptionType : rc4-hmac (23)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.kdcReq.actions.StoreKdcReqBody] -
> KDC-REQ-BODY : KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt', 'EXAMPLE.COM'>
> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.asReq.actions.StoreKdcReq] -
> AS-REQ :
> >-------------------------------------------------------------------------------
> AS-REQ
> pvno : 5
> msg-type : AS_REQ
> padata :
> PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38
> 0xA1 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A
> 0x36 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68
> 0x25 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64
> 0xA2 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> padata :
> PreAuthenticationData :
> padata-type: null(0)
> kdc-req-body :
> KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> -------------------------------------------------------------------------------<
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.KerberosMessageGrammar] - Decoded
> KerberosMessage
> >-------------------------------------------------------------------------------
> AS-REQ
> pvno : 5
> msg-type : AS_REQ
> padata :
> PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38
> 0xA1 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A
> 0x36 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68
> 0x25 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64
> 0xA2 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> padata :
> PreAuthenticationData :
> padata-type: null(0)
> kdc-req-body :
> KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> -------------------------------------------------------------------------------<
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder] -
> Decoded KerberosMessage
> :
> >-------------------------------------------------------------------------------
> AS-REQ
> pvno : 5
> msg-type : AS_REQ
> padata :
> PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38
> 0xA1 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A
> 0x36 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68
> 0x25 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64
> 0xA2 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> padata :
> PreAuthenticationData :
> padata-type: null(0)
> kdc-req-body :
> KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> -------------------------------------------------------------------------------<
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> /10.42.12.54:41991 RCVD:
> >-------------------------------------------------------------------------------
> AS-REQ
> pvno : 5
> msg-type : AS_REQ
> padata :
> PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38
> 0xA1 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A
> 0x36 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68
> 0x25 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64
> 0xA2 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> padata :
> PreAuthenticationData :
> padata-type: null(0)
> kdc-req-body :
> KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> -------------------------------------------------------------------------------<
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] -
> /10.42.12.54:41991 RCVD:
> >-------------------------------------------------------------------------------
> AS-REQ
> pvno : 5
> msg-type : AS_REQ
> padata :
> PreAuthenticationData :
> padata-type: Encrypted timestamp.(2)
> padata-value:0x30 0x41 0xA0 0x03 0x02 0x01 0x12 0xA2 0x3A 0x04 0x38
> 0xA1 0x9A 0x25 0xE5 0x77 0x8A 0x30 0x12 0xE3 0x82 0x97 0xEF 0x8E 0xDF 0x1A
> 0x36 0x39 0xAE 0xF1 0x6C 0x64 0x89 0x9F 0x89 0x31 0xB3 0xFD 0x01 0xB1 0x68
> 0x25 0xAA 0xAE 0xAF 0x05 0xDD 0x33 0xD3 0xFE 0x57 0xD0 0x74 0x6C 0x08 0x64
> 0xA2 0xF3 0x8C 0x23 0x1F 0xAE 0xB6 0xA9 0x24 0xB5 0x38
> padata :
> PreAuthenticationData :
> padata-type: null(0)
> kdc-req-body :
> KDCOptions : FORWARDABLE RENEWABLE
> cname : { name-type: KRB_NT_PRINCIPAL, name-string : <'hnelson'> }
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> from : 20130408174415Z
> till : 20130409174415Z
> rtime : 20130415174415Z
> nonce : 1801102745
> etype : aes256-cts-hmac-sha1-96 (18) aes128-cts-hmac-sha1-96 (17)
> des3-cbc-sha1-kd (16) rc4-hmac (23)
> -------------------------------------------------------------------------------<
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Received Authentication Service (AS) request:
> messageType: AS_REQ
> protocolVersionNumber: 5
> clientAddress: 10.42.12.54
> nonce: 1801102745
> kdcOptions: FORWARDABLE RENEWABLE
> clientPrincipal: { name-type: KRB_NT_PRINCIPAL, name-string :
> <'hnelson'> }
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }
> encryptionType: aes256-cts-hmac-sha1-96 (18),
> aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16), rc4-hmac (23)
> realm: EXAMPLE.COM
> from time: 20130408174415Z
> till time: 20130409174415Z
> renew-till time: 20130415174415Z
> hostAddresses: null
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Received
> Authentication Service (AS) request:
> messageType: AS_REQ
> protocolVersionNumber: 5
> clientAddress: 10.42.12.54
> nonce: 1801102745
> kdcOptions: FORWARDABLE RENEWABLE
> clientPrincipal: { name-type: KRB_NT_PRINCIPAL, name-string :
> <'hnelson'> }
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }
> encryptionType: aes256-cts-hmac-sha1-96 (18),
> aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16), rc4-hmac (23)
> realm: EXAMPLE.COM
> from time: 20130408174415Z
> till time: 20130409174415Z
> renew-till time: 20130415174415Z
> hostAddresses: null
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - --> Selecting
> the EncryptionType
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Encryption types requested by client [aes256-cts-hmac-sha1-96 (18),
> aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16), rc4-hmac (23)].
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Encryption
> types requested by client [aes256-cts-hmac-sha1-96 (18),
> aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16), rc4-hmac (23)].
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Session will use encryption type aes256-cts-hmac-sha1-96 (18).
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Session will
> use encryption type aes256-cts-hmac-sha1-96 (18).
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - --> Getting the
> client Entry
> [10:44:17] DEBUG [org.apache.directory.server.core.DefaultOperationManager] -
> >> SearchOperation : SearchContext
> for Dn 'ou=users,dc=disney,dc=com', filter
> :'([email protected])'
> [10:44:17] DEBUG
> [org.apache.directory.server.core.authn.AuthenticationInterceptor] -
> Operation Context: SearchContext for Dn 'ou=users,dc=disney,dc=com', filter
> :'([email protected])'
> [10:44:17] DEBUG
> [org.apache.directory.server.xdbm.search.impl.DefaultSearchEngine] - Nb
> results : 1 for filter :
> (&:[1]([email protected]:[1])(#{SUBTREE_SCOPE
> (Estimated), 'ou=users,dc=disney,dc=com', DEREF_ALWAYS}))
> [10:44:17] DEBUG [org.apache.directory.server.core.DefaultOperationManager] -
> << SearchOperation successful
> [10:44:17] DEBUG
> [org.apache.directory.server.protocol.shared.kerberos.StoreUtils] - Found
> entry uid=hnelson,ou=users,dc=disney,dc=com for kerberos principal name
> [email protected]
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Found entry
> uid=hnelson,ou=users,dc=disney,dc=com for kerberos principal name
> [email protected]
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 3
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : des-cbc-md5 (3)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 23
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : rc4-hmac (23)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 17
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : aes128-cts-hmac-sha1-96 (17)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 16
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : des3-cbc-sha1-kd (16)
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 18
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : aes256-cts-hmac-sha1-96 (18)
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Found entry
> uid=hnelson,ou=users,dc=disney,dc=com for principal [email protected]
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - --> Verifying
> the policy
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Verifying using SAM subsystem.
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - --> Verifying
> using SAM subsystem.
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Verifying using encrypted timestamp.
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - --> Verifying
> using encrypted timestamp.
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
> - Entry for client principal [email protected] has no SAM type.
> Proceeding with standard pre-authentication.
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Entry for
> client principal [email protected] has no SAM type. Proceeding with
> standard pre-authentication.
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptedData.actions.EncryptedDataInit]
> - EncryptedData created
> [10:44:17] DEBUG [org.apache.directory.api.asn1.actions.AbstractReadInteger]
> - read integer value : 18
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptedData.actions.StoreEType]
> - e-type : aes256-cts-hmac-sha1-96 (18)
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Decrypting data
> using key aes256-cts-hmac-sha1-96 (18) and usage ERR_603 AS-REQ
> PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (1)
> [10:44:17] WARN
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Integrity check on decrypted field failed (31)
> [10:44:17] WARN [org.apache.directory.server.KERBEROS_LOG] - Integrity check
> on decrypted field failed (31)
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Responding to request
> with error:
> explanatory text: Integrity check on decrypted field failed
> error code: Integrity check on decrypted field failed
> clientPrincipal: null@null
> client time: null
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }@EXAMPLE.COM
> server time: 20130408174417Z
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] - Responding to
> request with error:
> explanatory text: Integrity check on decrypted field failed
> error code: Integrity check on decrypted field failed
> clientPrincipal: null@null
> client time: null
> serverPrincipal: { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }@EXAMPLE.COM
> server time: 20130408174417Z
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.components.PrincipalName] -
> PrinipalName encoding : 0x7E 0x81 0x86 0x30 0x81 0x83 0xA0 0x03 0x02 0x01
> 0x05 0xA1 0x03 0x02 0x01 0x1E 0xA4 0x11 0x18 0x0F 0x32 0x30 0x31 0x33 0x30
> 0x34 0x30 0x38 0x31 0x37 0x34 0x34 0x31 0x37 0x5A 0xA5 0x03 0x02 0x01 0x00
> 0xA6 0x03 0x02 0x01 0x1F 0xA9 0x0C 0x1B 0x0A 0x44 0x49 0x53 0x4E 0x45 0x59
> 0x2E 0x43 0x4F 0x4D 0xAA 0x1F 0x30 0x1D 0xA0 0x03 0x02 0x01 0x02 0xA1
> 0x16 0x30 0x14 0x1B 0x06 0x6B 0x72 0x62 0x74 0x67 0x74 0x1B 0x0A 0x44 0x49
> 0x53 0x4E 0x45 0x59 0x2E 0x43 0x4F 0x4D 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> [10:44:17] DEBUG
> [org.apache.directory.shared.kerberos.components.PrincipalName] -
> PrinipalName initial value : { name-type: KRB_NT_SRV_INST, name-string :
> <'krbtgt', 'EXAMPLE.COM'> }
> [10:44:17] DEBUG [org.apache.directory.shared.kerberos.messages.KrbError] -
> KrbError encoding : 0x7E 0x81 0x86 0x30 0x81 0x83 0xA0 0x03 0x02 0x01 0x05
> 0xA1 0x03 0x02 0x01 0x1E 0xA4 0x11 0x18 0x0F 0x32 0x30 0x31 0x33 0x30 0x34
> 0x30 0x38 0x31 0x37 0x34 0x34 0x31 0x37 0x5A 0xA5 0x03 0x02 0x01 0x00 0xA6
> 0x03 0x02 0x01 0x1F 0xA9 0x0C 0x1B 0x0A 0x44 0x49 0x53 0x4E 0x45 0x59 0x2E
> 0x43 0x4F 0x4D 0xAA 0x1F 0x30 0x1D 0xA0 0x03 0x02 0x01 0x02 0xA1 0x16 0x30
> 0x14 0x1B 0x06 0x6B 0x72 0x62 0x74 0x67 0x74 0x1B 0x0A 0x44 0x49 0x53 0x4E
> 0x45 0x59 0x2E 0x43 0x4F 0x4D 0xAB 0x2B 0x1B 0x29 0x49 0x6E 0x74 0x65 0x67
> 0x72 0x69 0x74 0x79 0x20 0x63 0x68 0x65 0x63 0x6B 0x20 0x6F 0x6E 0x20 0x64
> 0x65 0x63 0x72 0x79 0x70 0x74 0x65 0x64 0x20 0x66 0x69 0x65 0x6C 0x64 0x20
> 0x66 0x61 0x69 0x6C 0x65 0x64
> [10:44:17] DEBUG [org.apache.directory.shared.kerberos.messages.KrbError] -
> KrbError initial value :
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174417Z
> susec: 0
> errorCode: Integrity check on decrypted field failed
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Integrity check on decrypted field failed
> }
> [10:44:17] DEBUG
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> /10.42.12.54:41991 SENT:
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174417Z
> susec: 0
> errorCode: Integrity check on decrypted field failed
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Integrity check on decrypted field failed
> }
> [10:44:17] DEBUG [org.apache.directory.server.KERBEROS_LOG] -
> /10.42.12.54:41991 SENT:
> KRB-ERROR : {
> pvno: 5
> msgType: KRB_ERROR
> sTime: 20130408174417Z
> susec: 0
> errorCode: Integrity check on decrypted field failed
> realm: EXAMPLE.COM
> sName: { name-type: KRB_NT_SRV_INST, name-string : <'krbtgt',
> 'EXAMPLE.COM'> }
> eText: Integrity check on decrypted field failed
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
