Ok, maybe I can help in testing then. I've filed:
https://issues.apache.org/jira/browse/DIRKRB-100 I disabled pre-auth for the account just to rule out any chance that my principal / password was actually wrong. Now I get a ChangePasswordException: Request failed due to being malformed. Eirik. On Wed, Feb 26, 2014 at 11:38 AM, Kiran Ayyagari <[email protected]> wrote: > > > > On Wed, Feb 26, 2014 at 4:04 PM, Eirik Bjørsnøs <[email protected]> wrote: >> >> Hi, >> >> I'm trying out KdcConnection using Microsoft Active Directory as KDC. >> >> On getTgt, I first get KRB5KRB_ERR_PREAUTH_REQUIRED. KdcConnection >> retries with a PaEncTsEnc added to the request. >> >> The response to this second request is KDC_ERR_PREAUTH_FAILED. >> >> Any idea why that would happen? >> > no, do you have any logs from AD? you can raise a JIRA here > https://issues.apache.org/jira/browse/DIRKRB > and attach the logs and any other details. > I have never tested this client against AD (due to lack of access) >> >> My understanding is that pre authentication involves encrypting a hash >> of the current timestamp. >> >> Any reason this could fail when talking to AD? >> >> Thanks, >> Eirik. > > > > > -- > Kiran Ayyagari > http://keydap.com
