Eirik Bjorsnos created DIRKRB-100:
-------------------------------------
Summary: Active Directory support for KdcConnection
Key: DIRKRB-100
URL: https://issues.apache.org/jira/browse/DIRKRB-100
Project: Directory Kerberos
Issue Type: Improvement
Reporter: Eirik Bjorsnos
Assignee: Emmanuel Lecharny
I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
My first test failed with AD responding with first saying
KRB5KRB_ERR_PREAUTH_REQUIRED (expected), then KRB5KRB_ERR_PREAUTH_FAILED (not
expected).
Since PREAUTH_FAILED is what you'll also get if your password is wrong, I
enabled "Do not use pre authentication" for the account being tested and
verified via kinit on OS X that no pre authentication was sent there.
When testing getTgt with no preauth, I now get the following exception:
Exception in thread "main"
org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to being malformed.
at
org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
at
org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
at
org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
at
org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
