[
https://issues.apache.org/jira/browse/DIRKRB-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915655#comment-13915655
]
Eirik Bjorsnos commented on DIRKRB-100:
---------------------------------------
I can confirm that when using kerberos-client 2.0.0-M16-SNAPSHOT AND
hard-coding to DES-CBC-MD5, I'm able to successfully change password for a user.
So I guess we're left with three independent bugs now:
1) RC4_HMAC_MD5 decryption doesn't work
2) Encryption type negotiation doesn't work
3) KdcConnection does not have default encryption types (minor issue)
> Active Directory support for KdcConnection
> ------------------------------------------
>
> Key: DIRKRB-100
> URL: https://issues.apache.org/jira/browse/DIRKRB-100
> Project: Directory Kerberos
> Issue Type: Improvement
> Reporter: Eirik Bjorsnos
> Assignee: Emmanuel Lecharny
>
> I'm testing KdcConnection.getTgt() with Microsoft Active Directory.
> My first test failed with AD responding with first saying
> KRB5KRB_ERR_PREAUTH_REQUIRED (expected), then KRB5KRB_ERR_PREAUTH_FAILED (not
> expected).
> Since PREAUTH_FAILED is what you'll also get if your password is wrong, I
> enabled "Do not use pre authentication" for the account being tested and
> verified via kinit on OS X that no pre authentication was sent there.
> When testing getTgt with no preauth, I now get the following exception:
> Exception in thread "main"
> org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
> Request failed due to being malformed.
> at
> org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder.decodeEncTgsRepPart(KerberosDecoder.java:684)
> at
> org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:329)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181)
> at
> org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:145)
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
